__ __ / \ / \ ______ _ _ __ __ __ / /\ / /\ \ / __ \ | | | | / \ \ \ / / / / / / \ \ | | | | | | | | / /\ \ \ / \ \ \ \ / / | |__| | | |__| | / ____ \ | | \ \/ \ \/ / \_ ___/ \____/ /_/ \_\ |_| \__/ \__/ \ \__ \___\ by Red Hat Build, Store, and Distribute your Containers Startup timestamp: Tue Nov 4 09:01:24 AM UTC 2025 Running all default registry services without migration Running init script '/quay-registry/conf/init/certs_install.sh' Installing extra certificates found in /quay-registry/conf/stack/extra_ca_certs directory Running init script '/quay-registry/conf/init/client_certs.sh' Running init script '/quay-registry/conf/init/copy_config_files.sh' Running init script '/quay-registry/conf/init/d_validate_config_bundle.sh' Validating Configuration time="2025-11-04T09:01:26Z" level=debug msg="Validating AccessSettings" time="2025-11-04T09:01:26Z" level=debug msg="Validating ActionLogArchiving" time="2025-11-04T09:01:26Z" level=debug msg="Validating AppTokenAuthentication" time="2025-11-04T09:01:26Z" level=debug msg="Validating AutoPrune" time="2025-11-04T09:01:26Z" level=debug msg="Validating BitbucketBuildTrigger" time="2025-11-04T09:01:26Z" level=debug msg="Validating BuildManager" time="2025-11-04T09:01:26Z" level=debug msg="Validating Database" time="2025-11-04T09:01:26Z" level=debug msg="Scheme: postgresql" time="2025-11-04T09:01:26Z" level=debug msg="Host: quayregistry-quay-database:5432" time="2025-11-04T09:01:26Z" level=debug msg="Db: quayregistry-quay-database" time="2025-11-04T09:01:26Z" level=debug msg="Params: " time="2025-11-04T09:01:26Z" level=debug msg="Including params " time="2025-11-04T09:01:26Z" level=debug msg="Pinging database at hostname: quayregistry-quay-database:5432." time="2025-11-04T09:01:26Z" level=debug msg="Database version: 13.20" plpgsql pg_trgm time="2025-11-04T09:01:26Z" level=debug msg="Validating DistributedStorage" time="2025-11-04T09:01:26Z" level=debug msg="Using IBM Cloud/ODF/RadosGW storage." time="2025-11-04T09:01:26Z" level=debug msg="Storage parameters: " time="2025-11-04T09:01:26Z" level=debug msg="hostname: s3.openshift-storage.svc.cluster.local:443, bucket name: quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84, TLS enabled: true" time="2025-11-04T09:01:26Z" level=debug msg="Validating ElasticSearch" time="2025-11-04T09:01:26Z" level=debug msg="Validating Email" time="2025-11-04T09:01:26Z" level=debug msg="Validating GitHubBuildTrigger" time="2025-11-04T09:01:26Z" level=debug msg="Validating GitHubLogin" time="2025-11-04T09:01:26Z" level=debug msg="Validating GitLabBuildTrigger" time="2025-11-04T09:01:26Z" level=debug msg="Validating GoogleLogin" time="2025-11-04T09:01:26Z" level=debug msg="Validating HostSettings" time="2025-11-04T09:01:26Z" level=debug msg="Validating JWTAuthentication" time="2025-11-04T09:01:26Z" level=debug msg="Validating LDAP" time="2025-11-04T09:01:26Z" level=debug msg="Validating OIDC" time="2025-11-04T09:01:26Z" level=debug msg="Validating QuayDocumentation" time="2025-11-04T09:01:26Z" level=debug msg="Validating Redis" time="2025-11-04T09:01:26Z" level=debug msg="Address: quayregistry-quay-redis:6379" time="2025-11-04T09:01:26Z" level=debug msg="Username: " time="2025-11-04T09:01:26Z" level=debug msg="Password Len: 0" time="2025-11-04T09:01:26Z" level=debug msg="Ssl: " time="2025-11-04T09:01:26Z" level=debug msg="Address: quayregistry-quay-redis:6379" time="2025-11-04T09:01:26Z" level=debug msg="Username: " time="2025-11-04T09:01:26Z" level=debug msg="Password Len: 0" time="2025-11-04T09:01:26Z" level=debug msg="Ssl: " time="2025-11-04T09:01:26Z" level=debug msg="Address: quayregistry-quay-redis:6379" time="2025-11-04T09:01:26Z" level=debug msg="Username: " time="2025-11-04T09:01:26Z" level=debug msg="Password Len: 0" time="2025-11-04T09:01:26Z" level=debug msg="Ssl: " time="2025-11-04T09:01:26Z" level=debug msg="Validating RepoMirror" time="2025-11-04T09:01:26Z" level=debug msg="Validating SecurityScanner" time="2025-11-04T09:01:26Z" level=debug msg="Validating TeamSyncing" time="2025-11-04T09:01:26Z" level=debug msg="Validating TimeMachine" time="2025-11-04T09:01:26Z" level=debug msg="Validating UserVisibleSettings" +------------------------+-------+--------+ | Field Group | Error | Status | +------------------------+-------+--------+ | AccessSettings | - | 🟢 | +------------------------+-------+--------+ | ActionLogArchiving | - | 🟢 | +------------------------+-------+--------+ | AppTokenAuthentication | - | 🟢 | +------------------------+-------+--------+ | AutoPrune | - | 🟢 | +------------------------+-------+--------+ | BitbucketBuildTrigger | - | 🟢 | +------------------------+-------+--------+ | BuildManager | - | 🟢 | +------------------------+-------+--------+ | Database | - | 🟢 | +------------------------+-------+--------+ | DistributedStorage | - | 🟢 | +------------------------+-------+--------+ | ElasticSearch | - | 🟢 | +------------------------+-------+--------+ | Email | - | 🟢 | +------------------------+-------+--------+ | GitHubBuildTrigger | - | 🟢 | +------------------------+-------+--------+ | GitHubLogin | - | 🟢 | +------------------------+-------+--------+ | GitLabBuildTrigger | - | 🟢 | +------------------------+-------+--------+ | GoogleLogin | - | 🟢 | +------------------------+-------+--------+ | HostSettings | - | 🟢 | +------------------------+-------+--------+ | JWTAuthentication | - | 🟢 | +------------------------+-------+--------+ | LDAP | - | 🟢 | +------------------------+-------+--------+ | OIDC | - | 🟢 | +------------------------+-------+--------+ | QuayDocumentation | - | 🟢 | +------------------------+-------+--------+ | Redis | - | 🟢 | +------------------------+-------+--------+ | RepoMirror | - | 🟢 | +------------------------+-------+--------+ | SecurityScanner | - | 🟢 | +------------------------+-------+--------+ | TeamSyncing | - | 🟢 | +------------------------+-------+--------+ | TimeMachine | - | 🟢 | +------------------------+-------+--------+ | UserVisibleSettings | - | 🟢 | +------------------------+-------+--------+ Running init script '/quay-registry/conf/init/nginx_conf_create.sh' Running init script '/quay-registry/conf/init/supervisord_conf_create.sh' Running init script '/quay-registry/conf/init/zz_boot.sh' fatal: not a git repository: /quay-registry/../.git/modules/quay /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' return re.sub('[^\w]+', '_', self.name) /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) /quay-registry/boot.py:76: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). expiration = datetime.utcnow() + timedelta(minutes=minutes_until_expiration) 2025-11-04 09:01:30,985 INFO RPC interface 'supervisor' initialized 2025-11-04 09:01:30,986 CRIT Server 'unix_http_server' running without any HTTP authentication checking 2025-11-04 09:01:30,986 INFO supervisord started with pid 2 2025-11-04 09:01:31,988 INFO spawned: 'stdout' with pid 58 2025-11-04 09:01:31,990 INFO spawned: 'autopruneworker' with pid 59 2025-11-04 09:01:31,992 INFO spawned: 'blobuploadcleanupworker' with pid 60 2025-11-04 09:01:31,994 INFO spawned: 'builder' with pid 61 2025-11-04 09:01:31,996 INFO spawned: 'buildlogsarchiver' with pid 62 2025-11-04 09:01:31,999 INFO spawned: 'chunkcleanupworker' with pid 63 2025-11-04 09:01:32,000 INFO spawned: 'dnsmasq' with pid 64 2025-11-04 09:01:32,003 INFO spawned: 'expiredappspecifictokenworker' with pid 65 2025-11-04 09:01:32,005 INFO spawned: 'exportactionlogsworker' with pid 66 2025-11-04 09:01:32,007 INFO spawned: 'gcworker' with pid 67 2025-11-04 09:01:32,010 INFO spawned: 'globalpromstats' with pid 68 2025-11-04 09:01:32,012 INFO spawned: 'gunicorn-registry' with pid 69 2025-11-04 09:01:32,014 INFO spawned: 'gunicorn-secscan' with pid 70 2025-11-04 09:01:32,016 INFO spawned: 'gunicorn-web' with pid 71 2025-11-04 09:01:32,029 INFO spawned: 'logrotateworker' with pid 72 2025-11-04 09:01:32,032 INFO spawned: 'manifestbackfillworker' with pid 73 2025-11-04 09:01:32,034 INFO spawned: 'manifestsubjectbackfillworker' with pid 74 2025-11-04 09:01:32,037 INFO spawned: 'memcache' with pid 75 2025-11-04 09:01:32,039 INFO spawned: 'namespacegcworker' with pid 76 2025-11-04 09:01:32,041 INFO spawned: 'nginx' with pid 77 2025-11-04 09:01:32,044 INFO spawned: 'notificationworker' with pid 78 2025-11-04 09:01:32,046 INFO spawned: 'proxycacheblobworker' with pid 79 2025-11-04 09:01:32,048 INFO spawned: 'pullstatsredisflushworker' with pid 80 2025-11-04 09:01:32,049 INFO spawnerr: command at '/usr/local/bin/pushgateway' is a directory 2025-11-04 09:01:32,051 INFO spawned: 'queuecleanupworker' with pid 81 2025-11-04 09:01:32,053 INFO spawned: 'quotaregistrysizeworker' with pid 82 2025-11-04 09:01:32,137 INFO spawned: 'quotatotalworker' with pid 83 2025-11-04 09:01:32,142 INFO spawned: 'reconciliationworker' with pid 84 2025-11-04 09:01:32,145 INFO spawned: 'repositoryactioncounter' with pid 85 2025-11-04 09:01:32,230 INFO spawned: 'repositorygcworker' with pid 86 2025-11-04 09:01:32,232 INFO spawned: 'securityscanningnotificationworker' with pid 87 2025-11-04 09:01:32,235 INFO spawned: 'securityworker' with pid 93 2025-11-04 09:01:32,243 INFO spawned: 'servicekey' with pid 94 2025-11-04 09:01:32,251 INFO spawned: 'storagereplication' with pid 95 2025-11-04 09:01:32,256 INFO spawned: 'teamsyncworker' with pid 96 2025-11-04 09:01:33,250 INFO success: stdout entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,250 INFO success: autopruneworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,250 INFO success: blobuploadcleanupworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: builder entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: buildlogsarchiver entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: chunkcleanupworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: dnsmasq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: expiredappspecifictokenworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: exportactionlogsworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: gcworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: globalpromstats entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: gunicorn-registry entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: gunicorn-secscan entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: gunicorn-web entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: logrotateworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: manifestbackfillworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: manifestsubjectbackfillworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,251 INFO success: memcache entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: namespacegcworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: notificationworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: proxycacheblobworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: pullstatsredisflushworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO spawnerr: command at '/usr/local/bin/pushgateway' is a directory 2025-11-04 09:01:33,252 INFO success: queuecleanupworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: quotaregistrysizeworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: quotatotalworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: reconciliationworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: repositoryactioncounter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: repositorygcworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: securityscanningnotificationworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: securityworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: servicekey entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-11-04 09:01:33,252 INFO success: storagereplication entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) dnsmasq stderr | dnsmasq: started, version 2.85 cachesize 150 dnsmasq stderr | dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile dnsmasq stderr | dnsmasq: reading /etc/resolv.conf dnsmasq stderr | dnsmasq: using nameserver 172.30.0.10#53 dnsmasq stderr | dnsmasq: read /etc/hosts - 7 addresses 2025-11-04 09:01:33,329 INFO success: teamsyncworker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) nginx stdout | 2025/11/04 09:01:32 [alert] 103#103: setpriority(-10) failed (13: Permission denied) nginx stdout | 2025/11/04 09:01:32 [alert] 101#101: setpriority(-10) failed (13: Permission denied) nginx stdout | 2025/11/04 09:01:32 [alert] 104#104: setpriority(-10) failed (13: Permission denied) nginx stdout | 2025/11/04 09:01:32 [alert] 102#102: setpriority(-10) failed (13: Permission denied) nginx stdout | 2025/11/04 09:01:32 [alert] 105#105: setpriority(-10) failed (13: Permission denied) nginx stdout | 2025/11/04 09:01:32 [alert] 106#106: setpriority(-10) failed (13: Permission denied) nginx stdout | 2025/11/04 09:01:32 [alert] 107#107: setpriority(-10) failed (13: Permission denied) nginx stdout | 2025/11/04 09:01:32 [alert] 108#108: setpriority(-10) failed (13: Permission denied) manifestsubjectbackfillworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' manifestsubjectbackfillworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) manifestsubjectbackfillworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' manifestsubjectbackfillworker stderr | return re.sub('[^\w]+', '_', self.name) quotatotalworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' quotatotalworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) manifestbackfillworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' manifestbackfillworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) quotatotalworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' quotatotalworker stderr | return re.sub('[^\w]+', '_', self.name) manifestbackfillworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' manifestbackfillworker stderr | return re.sub('[^\w]+', '_', self.name) 2025-11-04 09:01:35,350 INFO spawnerr: command at '/usr/local/bin/pushgateway' is a directory 2025-11-04 09:01:38,353 INFO spawnerr: command at '/usr/local/bin/pushgateway' is a directory 2025-11-04 09:01:38,353 INFO gave up: pushgateway entered FATAL state, too many start retries too quickly nginx stdout | 2025/11/04 09:01:39 [crit] 101#101: *1 connect() to unix:/tmp/gunicorn_web.sock failed (2: No such file or directory) while connecting to upstream, client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock:/health/instance", host: "10.128.4.42:8080" nginx stdout | 2025/11/04 09:01:39 [error] 101#101: *1 open() "/quay-registry/static/patternfly/quay-registry/static/502.html" failed (2: No such file or directory), client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock/health/instance", host: "10.128.4.42:8080" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:01:39 +0000] "GET /health/instance HTTP/1.1" 404 146 "-" "kube-probe/1.32" (0.000 118 0.000) manifestsubjectbackfillworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay pullstatsredisflushworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay pullstatsredisflushworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' pullstatsredisflushworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) pullstatsredisflushworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' pullstatsredisflushworker stderr | return re.sub('[^\w]+', '_', self.name) pullstatsredisflushworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' pullstatsredisflushworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') manifestsubjectbackfillworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' manifestsubjectbackfillworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') blobuploadcleanupworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay gcworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay autopruneworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay namespacegcworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay quotatotalworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay gcworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' gcworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) gcworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' gcworker stderr | return re.sub('[^\w]+', '_', self.name) quotaregistrysizeworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay quotatotalworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' quotatotalworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') gcworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' gcworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') blobuploadcleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' blobuploadcleanupworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) blobuploadcleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' blobuploadcleanupworker stderr | return re.sub('[^\w]+', '_', self.name) autopruneworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' autopruneworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) globalpromstats stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay autopruneworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' autopruneworker stderr | return re.sub('[^\w]+', '_', self.name) namespacegcworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' namespacegcworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) repositoryactioncounter stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay namespacegcworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' namespacegcworker stderr | return re.sub('[^\w]+', '_', self.name) buildlogsarchiver stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay logrotateworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay gunicorn-secscan stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay nginx stdout | 2025/11/04 09:01:54 [crit] 103#103: *3 connect() to unix:/tmp/gunicorn_web.sock failed (2: No such file or directory) while connecting to upstream, client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock:/health/instance", host: "10.128.4.42:8080" nginx stdout | 2025/11/04 09:01:54 [error] 103#103: *3 open() "/quay-registry/static/patternfly/quay-registry/static/502.html" failed (2: No such file or directory), client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock/health/instance", host: "10.128.4.42:8080" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:01:54 +0000] "GET /health/instance HTTP/1.1" 404 146 "-" "kube-probe/1.32" (0.000 118 0.000) exportactionlogsworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay blobuploadcleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' blobuploadcleanupworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') teamsyncworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay reconciliationworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay chunkcleanupworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay notificationworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay autopruneworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' autopruneworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') queuecleanupworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay namespacegcworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' namespacegcworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') securityworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay manifestbackfillworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay repositorygcworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay servicekey stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay buildlogsarchiver stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' buildlogsarchiver stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) proxycacheblobworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay buildlogsarchiver stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' buildlogsarchiver stderr | return re.sub('[^\w]+', '_', self.name) expiredappspecifictokenworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay securityscanningnotificationworker stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay quotaregistrysizeworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' quotaregistrysizeworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) storagereplication stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay quotaregistrysizeworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' quotaregistrysizeworker stderr | return re.sub('[^\w]+', '_', self.name) exportactionlogsworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' exportactionlogsworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) buildlogsarchiver stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' buildlogsarchiver stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') globalpromstats stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' globalpromstats stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) queuecleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' queuecleanupworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) exportactionlogsworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' exportactionlogsworker stderr | return re.sub('[^\w]+', '_', self.name) logrotateworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' logrotateworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) repositoryactioncounter stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' repositoryactioncounter stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) queuecleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' queuecleanupworker stderr | return re.sub('[^\w]+', '_', self.name) globalpromstats stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' globalpromstats stderr | return re.sub('[^\w]+', '_', self.name) gunicorn-web stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay logrotateworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' logrotateworker stderr | return re.sub('[^\w]+', '_', self.name) repositoryactioncounter stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' repositoryactioncounter stderr | return re.sub('[^\w]+', '_', self.name) teamsyncworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' teamsyncworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) reconciliationworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' reconciliationworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) chunkcleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' chunkcleanupworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) quotaregistrysizeworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' quotaregistrysizeworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') teamsyncworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' teamsyncworker stderr | return re.sub('[^\w]+', '_', self.name) reconciliationworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' reconciliationworker stderr | return re.sub('[^\w]+', '_', self.name) chunkcleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' chunkcleanupworker stderr | return re.sub('[^\w]+', '_', self.name) repositorygcworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' repositorygcworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) securityworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' securityworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) storagereplication stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' storagereplication stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) notificationworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' notificationworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) storagereplication stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' storagereplication stderr | return re.sub('[^\w]+', '_', self.name) repositorygcworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' repositorygcworker stderr | return re.sub('[^\w]+', '_', self.name) securityworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' securityworker stderr | return re.sub('[^\w]+', '_', self.name) notificationworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' notificationworker stderr | return re.sub('[^\w]+', '_', self.name) manifestbackfillworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' manifestbackfillworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') queuecleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' queuecleanupworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') globalpromstats stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' globalpromstats stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') exportactionlogsworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' exportactionlogsworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') repositoryactioncounter stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' repositoryactioncounter stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') logrotateworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' logrotateworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') proxycacheblobworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' proxycacheblobworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) expiredappspecifictokenworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' expiredappspecifictokenworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) storagereplication stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' storagereplication stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') servicekey stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' servicekey stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) proxycacheblobworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' proxycacheblobworker stderr | return re.sub('[^\w]+', '_', self.name) securityscanningnotificationworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' securityscanningnotificationworker stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) chunkcleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' chunkcleanupworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') expiredappspecifictokenworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' expiredappspecifictokenworker stderr | return re.sub('[^\w]+', '_', self.name) teamsyncworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' teamsyncworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') repositorygcworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' repositorygcworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') reconciliationworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' reconciliationworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') servicekey stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' servicekey stderr | return re.sub('[^\w]+', '_', self.name) securityworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' securityworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') securityscanningnotificationworker stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' securityscanningnotificationworker stderr | return re.sub('[^\w]+', '_', self.name) notificationworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' notificationworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') proxycacheblobworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' proxycacheblobworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') expiredappspecifictokenworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' expiredappspecifictokenworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') servicekey stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' servicekey stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') securityscanningnotificationworker stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' securityscanningnotificationworker stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') pullstatsredisflushworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' pullstatsredisflushworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) manifestsubjectbackfillworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' manifestsubjectbackfillworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) nginx stdout | 2025/11/04 09:02:09 [crit] 105#105: *5 connect() to unix:/tmp/gunicorn_web.sock failed (2: No such file or directory) while connecting to upstream, client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock:/health/instance", host: "10.128.4.42:8080" nginx stdout | 2025/11/04 09:02:09 [error] 105#105: *5 open() "/quay-registry/static/patternfly/quay-registry/static/502.html" failed (2: No such file or directory), client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock/health/instance", host: "10.128.4.42:8080" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:02:09 +0000] "GET /health/instance HTTP/1.1" 404 146 "-" "kube-probe/1.32" (0.000 118 0.000) gunicorn-secscan stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' gunicorn-secscan stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) gunicorn-secscan stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' gunicorn-secscan stderr | return re.sub('[^\w]+', '_', self.name) builder stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay namespacegcworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' namespacegcworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) gunicorn-secscan stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' gunicorn-secscan stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') securityworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' securityworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) gunicorn-web stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' gunicorn-web stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) gunicorn-web stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' gunicorn-web stderr | return re.sub('[^\w]+', '_', self.name) blobuploadcleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' blobuploadcleanupworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) quotaregistrysizeworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' quotaregistrysizeworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) autopruneworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' autopruneworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) gunicorn-web stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' gunicorn-web stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') storagereplication stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' storagereplication stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) reconciliationworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' reconciliationworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) builder stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' builder stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) gcworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' gcworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) builder stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' builder stderr | return re.sub('[^\w]+', '_', self.name) notificationworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' notificationworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) namespacegcworker stdout | 2025-11-04 09:02:23,351 [76] [DEBUG] [__main__] Starting namespace GC worker namespacegcworker stdout | 2025-11-04 09:02:23,354 [76] [DEBUG] [workers.worker] Scheduling worker. namespacegcworker stdout | 2025-11-04 09:02:23,355 [76] [INFO] [apscheduler.scheduler] Scheduler started namespacegcworker stdout | 2025-11-04 09:02:23,442 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:02:23,443 [76] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added namespacegcworker stdout | 2025-11-04 09:02:23,443 [76] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:07.444700 namespacegcworker stdout | 2025-11-04 09:02:23,445 [76] [INFO] [apscheduler.scheduler] Added job "QueueWorker.poll_queue" to job store "default" namespacegcworker stdout | 2025-11-04 09:02:23,445 [76] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:05:59.446467 namespacegcworker stdout | 2025-11-04 09:02:23,445 [76] [INFO] [apscheduler.scheduler] Added job "QueueWorker.update_queue_metrics" to job store "default" namespacegcworker stdout | 2025-11-04 09:02:23,445 [76] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:02:37.446883 namespacegcworker stdout | 2025-11-04 09:02:23,446 [76] [INFO] [apscheduler.scheduler] Added job "QueueWorker.run_watchdog" to job store "default" namespacegcworker stdout | 2025-11-04 09:02:23,446 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:02:23,446 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:02:37.446883+00:00 (in 14.000177 seconds) nginx stdout | 2025/11/04 09:02:24 [crit] 108#108: *7 connect() to unix:/tmp/gunicorn_web.sock failed (2: No such file or directory) while connecting to upstream, client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock:/health/instance", host: "10.128.4.42:8080" nginx stdout | 2025/11/04 09:02:24 [error] 108#108: *7 open() "/quay-registry/static/patternfly/quay-registry/static/502.html" failed (2: No such file or directory), client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock/health/instance", host: "10.128.4.42:8080" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:02:24 +0000] "GET /health/instance HTTP/1.1" 404 146 "-" "kube-probe/1.32" (0.000 118 0.000) builder stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' builder stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') quotatotalworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' quotatotalworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) quotaregistrysizeworker stdout | 2025-11-04 09:02:27,530 [82] [DEBUG] [workers.worker] Scheduling worker. quotaregistrysizeworker stdout | 2025-11-04 09:02:27,531 [82] [INFO] [apscheduler.scheduler] Scheduler started quotaregistrysizeworker stdout | 2025-11-04 09:02:27,641 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:02:27,641 [82] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added quotaregistrysizeworker stdout | 2025-11-04 09:02:27,642 [82] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:02:31.643382 quotaregistrysizeworker stdout | 2025-11-04 09:02:27,644 [82] [INFO] [apscheduler.scheduler] Added job "QuotaRegistrySizeWorker._calculate_registry_size" to job store "default" quotaregistrysizeworker stdout | 2025-11-04 09:02:27,644 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:02:27,644 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:02:31.643382+00:00 (in 3.998756 seconds) gunicorn-web stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' gunicorn-web stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) logrotateworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' logrotateworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) teamsyncworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' teamsyncworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) quotaregistrysizeworker stdout | 2025-11-04 09:02:31,643 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:02:31,729 [82] [INFO] [apscheduler.executors.default] Running job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:02:31 GMT)" (scheduled at 2025-11-04 09:02:31.643382+00:00) quotaregistrysizeworker stdout | 2025-11-04 09:02:31,729 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:31.643382+00:00 (in 59.913798 seconds) quotaregistrysizeworker stdout | 2025-11-04 09:02:31,732 [82] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:02:31,752 [82] [DEBUG] [data.database] Disconnecting from database. quotaregistrysizeworker stdout | 2025-11-04 09:02:31,752 [82] [INFO] [apscheduler.executors.default] Job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:03:31 GMT)" executed successfully blobuploadcleanupworker stdout | 2025-11-04 09:02:32,140 [60] [DEBUG] [workers.worker] Scheduling worker. blobuploadcleanupworker stdout | 2025-11-04 09:02:32,140 [60] [INFO] [apscheduler.scheduler] Scheduler started blobuploadcleanupworker stdout | 2025-11-04 09:02:32,149 [60] [DEBUG] [apscheduler.scheduler] Looking for jobs to run blobuploadcleanupworker stdout | 2025-11-04 09:02:32,150 [60] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added blobuploadcleanupworker stdout | 2025-11-04 09:02:32,151 [60] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:24:32.152356 blobuploadcleanupworker stdout | 2025-11-04 09:02:32,153 [60] [INFO] [apscheduler.scheduler] Added job "BlobUploadCleanupWorker._try_cleanup_uploads" to job store "default" blobuploadcleanupworker stdout | 2025-11-04 09:02:32,229 [60] [DEBUG] [apscheduler.scheduler] Looking for jobs to run blobuploadcleanupworker stdout | 2025-11-04 09:02:32,229 [60] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:24:32.152356+00:00 (in 1319.923016 seconds) globalpromstats stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' globalpromstats stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) buildlogsarchiver stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' buildlogsarchiver stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) queuecleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' queuecleanupworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) securityscanningnotificationworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' securityscanningnotificationworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) repositorygcworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' repositorygcworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) manifestbackfillworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' manifestbackfillworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) exportactionlogsworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' exportactionlogsworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) repositoryactioncounter stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' repositoryactioncounter stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) proxycacheblobworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' proxycacheblobworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) chunkcleanupworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' chunkcleanupworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) namespacegcworker stdout | 2025-11-04 09:02:37,447 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:02:37,538 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:02:37 GMT)" (scheduled at 2025-11-04 09:02:37.446883+00:00) namespacegcworker stdout | 2025-11-04 09:02:37,538 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:07.444700+00:00 (in 29.906129 seconds) namespacegcworker stdout | 2025-11-04 09:02:37,538 [76] [DEBUG] [workers.queueworker] Running watchdog. namespacegcworker stdout | 2025-11-04 09:02:37,538 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:03:37 GMT)" executed successfully servicekey stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' servicekey stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) builder stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' builder stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) nginx stdout | 2025/11/04 09:02:39 [crit] 107#107: *9 connect() to unix:/tmp/gunicorn_web.sock failed (2: No such file or directory) while connecting to upstream, client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock:/health/instance", host: "10.128.4.42:8080" nginx stdout | 2025/11/04 09:02:39 [error] 107#107: *9 open() "/quay-registry/static/patternfly/quay-registry/static/502.html" failed (2: No such file or directory), client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock/health/instance", host: "10.128.4.42:8080" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:02:39 +0000] "GET /health/instance HTTP/1.1" 404 146 "-" "kube-probe/1.32" (0.000 118 0.000) expiredappspecifictokenworker stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' expiredappspecifictokenworker stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) notificationworker stdout | 2025-11-04 09:02:44,048 [78] [DEBUG] [workers.worker] Scheduling worker. notificationworker stdout | 2025-11-04 09:02:44,137 [78] [INFO] [apscheduler.scheduler] Scheduler started notificationworker stdout | 2025-11-04 09:02:44,155 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:02:44,155 [78] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:02:49.156372 notificationworker stdout | 2025-11-04 09:02:44,156 [78] [INFO] [apscheduler.scheduler] Added job "QueueWorker.poll_queue" to job store "default" notificationworker stdout | 2025-11-04 09:02:44,156 [78] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:05:05.157605 notificationworker stdout | 2025-11-04 09:02:44,156 [78] [INFO] [apscheduler.scheduler] Added job "QueueWorker.update_queue_metrics" to job store "default" notificationworker stdout | 2025-11-04 09:02:44,156 [78] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:29.157944 notificationworker stdout | 2025-11-04 09:02:44,157 [78] [INFO] [apscheduler.scheduler] Added job "QueueWorker.run_watchdog" to job store "default" notificationworker stdout | 2025-11-04 09:02:44,155 [78] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added notificationworker stdout | 2025-11-04 09:02:44,157 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:02:44,157 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:02:49.156372+00:00 (in 4.998952 seconds) gunicorn-web stdout | 2025-11-04 09:02:45,942 [71] [DEBUG] [sentry_sdk.errors] [Tracing] Create new propagation context: {'trace_id': 'fd9ed736c1894092a86e0cdfb6b60d6d', 'span_id': '8311a6d59ccbdc51', 'parent_span_id': None, 'dynamic_sampling_context': None} autopruneworker stdout | 2025-11-04 09:02:46,031 [59] [DEBUG] [workers.worker] Scheduling worker. autopruneworker stdout | 2025-11-04 09:02:46,031 [59] [INFO] [apscheduler.scheduler] Scheduler started autopruneworker stdout | 2025-11-04 09:02:46,047 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:02:46,047 [59] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added autopruneworker stdout | 2025-11-04 09:02:46,129 [59] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:16.130127 autopruneworker stdout | 2025-11-04 09:02:46,130 [59] [INFO] [apscheduler.scheduler] Added job "AutoPruneWorker.prune" to job store "default" autopruneworker stdout | 2025-11-04 09:02:46,131 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:02:46,131 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:16.130127+00:00 (in 29.998935 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,139 [74] [DEBUG] [workers.worker] Scheduling worker. gunicorn-web stdout | 2025-11-04 09:02:46,155 [71] [DEBUG] [app] Loading default config. gunicorn-web stdout | 2025-11-04 09:02:46,156 [71] [DEBUG] [util.config.provider.basefileprovider] Applying config file: /quay-registry/conf/stack/config.yaml manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,153 [74] [INFO] [apscheduler.scheduler] Scheduler started gunicorn-web stdout | 2025-11-04 09:02:46,237 [71] [DEBUG] [app] Loaded config manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,244 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gunicorn-web stdout | 2025-11-04 09:02:46,245 [71] [INFO] [util.ipresolver] Loading AWS IP ranges from disk manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,244 [74] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:19.245377 manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,246 [74] [INFO] [apscheduler.scheduler] Added job "ManifestSubjectBackfillWorker._backfill_manifest_subject" to job store "default" manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,246 [74] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:20.247243 manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,246 [74] [INFO] [apscheduler.scheduler] Added job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type" to job store "default" manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,245 [74] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,330 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:02:46,331 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:19.245377+00:00 (in 32.914046 seconds) gunicorn-web stdout | 2025-11-04 09:02:46,352 [71] [DEBUG] [util.ipresolver] Building AWS IP ranges gunicorn-web stdout | 2025-11-04 09:02:47,333 [71] [DEBUG] [util.ipresolver] Finished building AWS IP ranges gunicorn-web stdout | 2025-11-04 09:02:47,337 [71] [DEBUG] [botocore.hooks] Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane gunicorn-web stdout | 2025-11-04 09:02:47,343 [71] [DEBUG] [botocore.hooks] Changing event name from before-call.apigateway to before-call.api-gateway gunicorn-web stdout | 2025-11-04 09:02:47,350 [71] [DEBUG] [botocore.hooks] Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict gunicorn-web stdout | 2025-11-04 09:02:47,354 [71] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration gunicorn-web stdout | 2025-11-04 09:02:47,430 [71] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.route53 to before-parameter-build.route-53 gunicorn-web stdout | 2025-11-04 09:02:47,432 [71] [DEBUG] [botocore.hooks] Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search gunicorn-web stdout | 2025-11-04 09:02:47,434 [71] [DEBUG] [botocore.hooks] Changing event name from docs.*.autoscaling.CreateLaunchConfiguration.complete-section to docs.*.auto-scaling.CreateLaunchConfiguration.complete-section gunicorn-web stdout | 2025-11-04 09:02:47,448 [71] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask gunicorn-web stdout | 2025-11-04 09:02:47,449 [71] [DEBUG] [botocore.hooks] Changing event name from docs.*.logs.CreateExportTask.complete-section to docs.*.cloudwatch-logs.CreateExportTask.complete-section gunicorn-web stdout | 2025-11-04 09:02:47,450 [71] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search gunicorn-web stdout | 2025-11-04 09:02:47,451 [71] [DEBUG] [botocore.hooks] Changing event name from docs.*.cloudsearchdomain.Search.complete-section to docs.*.cloudsearch-domain.Search.complete-section gcworker stdout | 2025-11-04 09:02:47,933 [67] [DEBUG] [workers.worker] Scheduling worker. gcworker stdout | 2025-11-04 09:02:47,939 [67] [INFO] [apscheduler.scheduler] Scheduler started gunicorn-web stdout | 2025-11-04 09:02:47,950 [71] [DEBUG] [data.database] Configuring database gcworker stdout | 2025-11-04 09:02:47,951 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:02:47,951 [67] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added gcworker stdout | 2025-11-04 09:02:47,951 [67] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:04.952363 gcworker stdout | 2025-11-04 09:02:47,954 [67] [INFO] [apscheduler.scheduler] Added job "GarbageCollectionWorker._garbage_collection_repos" to job store "default" gcworker stdout | 2025-11-04 09:02:47,955 [67] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:02:55.956600 gcworker stdout | 2025-11-04 09:02:47,955 [67] [INFO] [apscheduler.scheduler] Added job "GarbageCollectionWorker._scan_notifications" to job store "default" gunicorn-web stdout | 2025-11-04 09:02:47,955 [71] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:02:47,955 [71] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:02:47,956 [71] [INFO] [data.secscan_model] =============================== gunicorn-web stdout | 2025-11-04 09:02:47,956 [71] [INFO] [data.secscan_model] Using split secscan model: `[]` gunicorn-web stdout | 2025-11-04 09:02:47,956 [71] [INFO] [data.secscan_model] =============================== gunicorn-web stdout | 2025-11-04 09:02:47,956 [71] [DEBUG] [data.logs_model] Configuring log model gunicorn-web stdout | 2025-11-04 09:02:47,956 [71] [INFO] [data.logs_model] =============================== gunicorn-web stdout | 2025-11-04 09:02:47,956 [71] [INFO] [data.logs_model] Using logs model `` gunicorn-web stdout | 2025-11-04 09:02:47,956 [71] [INFO] [data.logs_model] =============================== gcworker stdout | 2025-11-04 09:02:48,029 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:02:48,029 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:02:55.956600+00:00 (in 7.927326 seconds) notificationworker stdout | 2025-11-04 09:02:49,229 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:02:49,243 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:02:49 GMT)" (scheduled at 2025-11-04 09:02:49.156372+00:00) notificationworker stdout | 2025-11-04 09:02:49,244 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:02:59.156372+00:00 (in 9.912246 seconds) notificationworker stdout | 2025-11-04 09:02:49,244 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:02:49,246 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 2, 49, 245183), True, datetime.datetime(2025, 11, 4, 9, 2, 49, 245183), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:02:49,339 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:02:49,340 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:02:49,340 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:02:59 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:02:49,547 [95] [DEBUG] [__main__] Full storage replication disabled; skipping gunicorn-secscan stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' gunicorn-secscan stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) namespacegcworker stdout | 2025-11-04 09:02:51,741 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: servicekey stdout | 2025-11-04 09:02:52,945 [94] [DEBUG] [workers.worker] Scheduling worker. servicekey stdout | 2025-11-04 09:02:52,946 [94] [INFO] [apscheduler.scheduler] Scheduler started servicekey stdout | 2025-11-04 09:02:53,042 [94] [DEBUG] [apscheduler.scheduler] Looking for jobs to run servicekey stdout | 2025-11-04 09:02:53,042 [94] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:04:14.043388 servicekey stdout | 2025-11-04 09:02:53,043 [94] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added servicekey stdout | 2025-11-04 09:02:53,044 [94] [INFO] [apscheduler.scheduler] Added job "ServiceKeyWorker._refresh_service_key" to job store "default" servicekey stdout | 2025-11-04 09:02:53,046 [94] [DEBUG] [apscheduler.scheduler] Looking for jobs to run servicekey stdout | 2025-11-04 09:02:53,047 [94] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:14.043388+00:00 (in 80.996354 seconds) builder stdout | 2025-11-04 09:02:53,953 [61] [DEBUG] [__main__] Building is disabled. Please enable the feature flag manifestbackfillworker stdout | 2025-11-04 09:02:54,051 [73] [DEBUG] [workers.worker] Scheduling worker. manifestbackfillworker stdout | 2025-11-04 09:02:54,053 [73] [INFO] [apscheduler.scheduler] Scheduler started manifestbackfillworker stdout | 2025-11-04 09:02:54,142 [73] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestbackfillworker stdout | 2025-11-04 09:02:54,142 [73] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:05:36.143380 manifestbackfillworker stdout | 2025-11-04 09:02:54,144 [73] [INFO] [apscheduler.scheduler] Added job "ManifestBackfillWorker._backfill_manifests" to job store "default" manifestbackfillworker stdout | 2025-11-04 09:02:54,143 [73] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added manifestbackfillworker stdout | 2025-11-04 09:02:54,230 [73] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestbackfillworker stdout | 2025-11-04 09:02:54,231 [73] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:36.143380+00:00 (in 161.912052 seconds) nginx stdout | 2025/11/04 09:02:54 [crit] 106#106: *11 connect() to unix:/tmp/gunicorn_web.sock failed (2: No such file or directory) while connecting to upstream, client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock:/health/instance", host: "10.128.4.42:8080" nginx stdout | 2025/11/04 09:02:54 [error] 106#106: *11 open() "/quay-registry/static/patternfly/quay-registry/static/502.html" failed (2: No such file or directory), client: 10.128.4.2, server: , request: "GET /health/instance HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_web.sock/health/instance", host: "10.128.4.42:8080" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:02:54 +0000] "GET /health/instance HTTP/1.1" 404 146 "-" "kube-probe/1.32" (0.000 118 0.000) securityworker stdout | 2025-11-04 09:02:55,235 [93] [DEBUG] [workers.worker] Scheduling worker. exportactionlogsworker stdout | 2025-11-04 09:02:55,245 [66] [DEBUG] [__main__] Starting export action logs worker securityworker stdout | 2025-11-04 09:02:55,248 [93] [INFO] [apscheduler.scheduler] Scheduler started exportactionlogsworker stdout | 2025-11-04 09:02:55,249 [66] [DEBUG] [workers.worker] Scheduling worker. exportactionlogsworker stdout | 2025-11-04 09:02:55,250 [66] [INFO] [apscheduler.scheduler] Scheduler started securityworker stdout | 2025-11-04 09:02:55,251 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:02:55,251 [93] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:07.252445 securityworker stdout | 2025-11-04 09:02:55,253 [93] [INFO] [apscheduler.scheduler] Added job "SecurityWorker._index_in_scanner" to job store "default" securityworker stdout | 2025-11-04 09:02:55,253 [93] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:21.254713 securityworker stdout | 2025-11-04 09:02:55,253 [93] [INFO] [apscheduler.scheduler] Added job "SecurityWorker._index_recent_manifests_in_scanner" to job store "default" securityworker stdout | 2025-11-04 09:02:55,252 [93] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added securityworker stdout | 2025-11-04 09:02:55,331 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:02:55,332 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:07.252445+00:00 (in 11.920427 seconds) exportactionlogsworker stdout | 2025-11-04 09:02:55,339 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:02:55,339 [66] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:28.340417 exportactionlogsworker stdout | 2025-11-04 09:02:55,341 [66] [INFO] [apscheduler.scheduler] Added job "QueueWorker.poll_queue" to job store "default" exportactionlogsworker stdout | 2025-11-04 09:02:55,342 [66] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:07:12.342983 exportactionlogsworker stdout | 2025-11-04 09:02:55,342 [66] [INFO] [apscheduler.scheduler] Added job "QueueWorker.update_queue_metrics" to job store "default" exportactionlogsworker stdout | 2025-11-04 09:02:55,342 [66] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:16.343350 exportactionlogsworker stdout | 2025-11-04 09:02:55,342 [66] [INFO] [apscheduler.scheduler] Added job "QueueWorker.run_watchdog" to job store "default" exportactionlogsworker stdout | 2025-11-04 09:02:55,340 [66] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added exportactionlogsworker stdout | 2025-11-04 09:02:55,344 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:02:55,345 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:16.343350+00:00 (in 20.997664 seconds) teamsyncworker stdout | 2025-11-04 09:02:55,538 [96] [DEBUG] [__main__] Team syncing is disabled; sleeping quotaregistrysizeworker stdout | 2025-11-04 09:02:55,650 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:02:55,942 [80] [INFO] [__main__] RedisFlushWorker: Initialized Redis client for pull metrics pullstatsredisflushworker stdout | 2025-11-04 09:02:55,946 [80] [DEBUG] [workers.worker] Scheduling worker. pullstatsredisflushworker stdout | 2025-11-04 09:02:55,947 [80] [INFO] [apscheduler.scheduler] Scheduler started pullstatsredisflushworker stdout | 2025-11-04 09:02:55,951 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:02:55,951 [80] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:12.952336 pullstatsredisflushworker stdout | 2025-11-04 09:02:55,952 [80] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added gcworker stdout | 2025-11-04 09:02:56,029 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:02:55,954 [80] [INFO] [apscheduler.scheduler] Added job "RedisFlushWorker._flush_pull_metrics" to job store "default" pullstatsredisflushworker stdout | 2025-11-04 09:02:56,029 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:02:56,029 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:12.952336+00:00 (in 16.922949 seconds) gcworker stdout | 2025-11-04 09:02:56,033 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:02:55 GMT)" (scheduled at 2025-11-04 09:02:55.956600+00:00) gcworker stdout | 2025-11-04 09:02:56,033 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:04.952363+00:00 (in 8.918419 seconds) gcworker stdout | 2025-11-04 09:02:56,035 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:02:56,051 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246676051, None, 1, 0]) gcworker stdout | 2025-11-04 09:02:56,131 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:02:56,131 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:25 GMT)" executed successfully globalpromstats stdout | 2025-11-04 09:02:56,940 [68] [DEBUG] [workers.worker] Scheduling worker. globalpromstats stdout | 2025-11-04 09:02:56,940 [68] [INFO] [apscheduler.scheduler] Scheduler started globalpromstats stdout | 2025-11-04 09:02:56,946 [68] [DEBUG] [apscheduler.scheduler] Looking for jobs to run globalpromstats stdout | 2025-11-04 09:02:56,946 [68] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:48:56.947299 globalpromstats stdout | 2025-11-04 09:02:56,947 [68] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added globalpromstats stdout | 2025-11-04 09:02:56,948 [68] [INFO] [apscheduler.scheduler] Added job "GlobalPrometheusStatsWorker._try_report_stats" to job store "default" globalpromstats stdout | 2025-11-04 09:02:56,948 [68] [DEBUG] [apscheduler.scheduler] Looking for jobs to run globalpromstats stdout | 2025-11-04 09:02:56,948 [68] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:48:56.947299+00:00 (in 2759.998349 seconds) chunkcleanupworker stdout | 2025-11-04 09:02:57,343 [63] [DEBUG] [__main__] Swift storage not detected; sleeping gunicorn-registry stderr | fatal: not a git repository: /quay-registry/../.git/modules/quay blobuploadcleanupworker stdout | 2025-11-04 09:02:57,551 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:02:58,135 [79] [DEBUG] [__main__] Starting proxy cache blob worker proxycacheblobworker stdout | 2025-11-04 09:02:58,138 [79] [DEBUG] [workers.worker] Scheduling worker. proxycacheblobworker stdout | 2025-11-04 09:02:58,139 [79] [INFO] [apscheduler.scheduler] Scheduler started proxycacheblobworker stdout | 2025-11-04 09:02:58,139 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:02:58,140 [79] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added proxycacheblobworker stdout | 2025-11-04 09:02:58,139 [79] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:04.140529 proxycacheblobworker stdout | 2025-11-04 09:02:58,141 [79] [INFO] [apscheduler.scheduler] Added job "QueueWorker.poll_queue" to job store "default" proxycacheblobworker stdout | 2025-11-04 09:02:58,141 [79] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:08.142131 proxycacheblobworker stdout | 2025-11-04 09:02:58,141 [79] [INFO] [apscheduler.scheduler] Added job "QueueWorker.update_queue_metrics" to job store "default" proxycacheblobworker stdout | 2025-11-04 09:02:58,141 [79] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:27.142482 proxycacheblobworker stdout | 2025-11-04 09:02:58,141 [79] [INFO] [apscheduler.scheduler] Added job "QueueWorker.run_watchdog" to job store "default" proxycacheblobworker stdout | 2025-11-04 09:02:58,141 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:02:58,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:04.140529+00:00 (in 5.998624 seconds) queuecleanupworker stdout | 2025-11-04 09:02:58,442 [81] [DEBUG] [workers.worker] Scheduling worker. queuecleanupworker stdout | 2025-11-04 09:02:58,444 [81] [INFO] [apscheduler.scheduler] Scheduler started queuecleanupworker stdout | 2025-11-04 09:02:58,446 [81] [DEBUG] [apscheduler.scheduler] Looking for jobs to run queuecleanupworker stdout | 2025-11-04 09:02:58,446 [81] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 16:35:56.447118 queuecleanupworker stdout | 2025-11-04 09:02:58,447 [81] [INFO] [apscheduler.scheduler] Added job "QueueCleanupWorker._cleanup_queue" to job store "default" queuecleanupworker stdout | 2025-11-04 09:02:58,447 [81] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added queuecleanupworker stdout | 2025-11-04 09:02:58,450 [81] [DEBUG] [apscheduler.scheduler] Looking for jobs to run queuecleanupworker stdout | 2025-11-04 09:02:58,451 [81] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 16:35:56.447118+00:00 (in 27177.996122 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:02:58,739 [87] [DEBUG] [__main__] Starting security scanning notification worker securityscanningnotificationworker stdout | 2025-11-04 09:02:58,742 [87] [DEBUG] [workers.worker] Scheduling worker. securityscanningnotificationworker stdout | 2025-11-04 09:02:58,742 [87] [INFO] [apscheduler.scheduler] Scheduler started securityscanningnotificationworker stdout | 2025-11-04 09:02:58,742 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:02:58,742 [87] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:10.743793 securityscanningnotificationworker stdout | 2025-11-04 09:02:58,743 [87] [INFO] [apscheduler.scheduler] Added job "QueueWorker.poll_queue" to job store "default" securityscanningnotificationworker stdout | 2025-11-04 09:02:58,744 [87] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:04:27.745464 securityscanningnotificationworker stdout | 2025-11-04 09:02:58,744 [87] [INFO] [apscheduler.scheduler] Added job "QueueWorker.update_queue_metrics" to job store "default" securityscanningnotificationworker stdout | 2025-11-04 09:02:58,744 [87] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:27.745810 securityscanningnotificationworker stdout | 2025-11-04 09:02:58,745 [87] [INFO] [apscheduler.scheduler] Added job "QueueWorker.run_watchdog" to job store "default" securityscanningnotificationworker stdout | 2025-11-04 09:02:58,743 [87] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added securityscanningnotificationworker stdout | 2025-11-04 09:02:58,745 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:02:58,745 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:10.743793+00:00 (in 11.998517 seconds) notificationworker stdout | 2025-11-04 09:02:59,229 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:02:59,229 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:09.156372+00:00 (in 9.926885 seconds) notificationworker stdout | 2025-11-04 09:02:59,229 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:09 GMT)" (scheduled at 2025-11-04 09:02:59.156372+00:00) notificationworker stdout | 2025-11-04 09:02:59,229 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:02:59,231 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 2, 59, 229878), True, datetime.datetime(2025, 11, 4, 9, 2, 59, 229878), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:02:59,247 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:02:59,247 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:02:59,247 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:09 GMT)" executed successfully expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,933 [65] [DEBUG] [__main__] Starting expired app specific token GC worker expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,934 [65] [DEBUG] [__main__] Found expiration window: 1d expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,938 [65] [DEBUG] [workers.worker] Scheduling worker. expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,939 [65] [INFO] [apscheduler.scheduler] Scheduler started expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,941 [65] [DEBUG] [apscheduler.scheduler] Looking for jobs to run expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,943 [65] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,942 [65] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:14:50.943644 expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,945 [65] [INFO] [apscheduler.scheduler] Added job "ExpiredAppSpecificTokenWorker._gc_expired_tokens" to job store "default" expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,946 [65] [DEBUG] [apscheduler.scheduler] Looking for jobs to run expiredappspecifictokenworker stdout | 2025-11-04 09:02:59,947 [65] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:14:50.943644+00:00 (in 710.996592 seconds) buildlogsarchiver stdout | 2025-11-04 09:03:00,633 [62] [DEBUG] [workers.worker] Scheduling worker. buildlogsarchiver stdout | 2025-11-04 09:03:00,633 [62] [INFO] [apscheduler.scheduler] Scheduler started buildlogsarchiver stdout | 2025-11-04 09:03:00,634 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:03:00,635 [62] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:19.635986 buildlogsarchiver stdout | 2025-11-04 09:03:00,635 [62] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added buildlogsarchiver stdout | 2025-11-04 09:03:00,637 [62] [INFO] [apscheduler.scheduler] Added job "ArchiveBuildLogsWorker._archive_redis_buildlogs" to job store "default" buildlogsarchiver stdout | 2025-11-04 09:03:00,638 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:03:00,639 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:19.635986+00:00 (in 18.996892 seconds) logrotateworker stdout | 2025-11-04 09:03:00,735 [72] [DEBUG] [__main__] Action log rotation worker not enabled; skipping gunicorn-web stdout | 2025-11-04 09:03:00,743 [71] [DEBUG] [__config__] Starting web gunicorn with 4 workers and gevent worker class gunicorn-web stderr | Traceback (most recent call last): gunicorn-web stderr | File "src/gevent/_abstract_linkable.py", line 287, in gevent._gevent_c_abstract_linkable.AbstractLinkable._notify_links gunicorn-web stderr | File "src/gevent/_abstract_linkable.py", line 333, in gevent._gevent_c_abstract_linkable.AbstractLinkable._notify_links gunicorn-web stderr | AssertionError: (None, ) gunicorn-web stderr | 2025-11-04T09:03:00Z failed with AssertionError repositorygcworker stdout | 2025-11-04 09:03:01,059 [86] [DEBUG] [__main__] Starting repository GC worker repositorygcworker stdout | 2025-11-04 09:03:01,062 [86] [DEBUG] [workers.worker] Scheduling worker. repositorygcworker stdout | 2025-11-04 09:03:01,062 [86] [INFO] [apscheduler.scheduler] Scheduler started repositorygcworker stdout | 2025-11-04 09:03:01,062 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:03:01,062 [86] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added repositorygcworker stdout | 2025-11-04 09:03:01,063 [86] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:27.063966 repositorygcworker stdout | 2025-11-04 09:03:01,064 [86] [INFO] [apscheduler.scheduler] Added job "QueueWorker.poll_queue" to job store "default" repositorygcworker stdout | 2025-11-04 09:03:01,064 [86] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:07:30.065093 repositorygcworker stdout | 2025-11-04 09:03:01,064 [86] [INFO] [apscheduler.scheduler] Added job "QueueWorker.update_queue_metrics" to job store "default" repositorygcworker stdout | 2025-11-04 09:03:01,064 [86] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:03:51.065407 repositorygcworker stdout | 2025-11-04 09:03:01,064 [86] [INFO] [apscheduler.scheduler] Added job "QueueWorker.run_watchdog" to job store "default" repositorygcworker stdout | 2025-11-04 09:03:01,065 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:03:01,065 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:27.063966+00:00 (in 25.998315 seconds) repositoryactioncounter stdout | 2025-11-04 09:03:01,132 [85] [DEBUG] [workers.worker] Scheduling worker. repositoryactioncounter stdout | 2025-11-04 09:03:01,133 [85] [INFO] [apscheduler.scheduler] Scheduler started repositoryactioncounter stdout | 2025-11-04 09:03:01,133 [85] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositoryactioncounter stdout | 2025-11-04 09:03:01,134 [85] [DEBUG] [apscheduler.scheduler] No jobs; waiting until a job is added repositoryactioncounter stdout | 2025-11-04 09:03:01,134 [85] [DEBUG] [workers.worker] First run scheduled for 2025-11-04 09:09:58.135163 repositoryactioncounter stdout | 2025-11-04 09:03:01,135 [85] [INFO] [apscheduler.scheduler] Added job "RepositoryActionCountWorker._run_counting" to job store "default" repositoryactioncounter stdout | 2025-11-04 09:03:01,135 [85] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositoryactioncounter stdout | 2025-11-04 09:03:01,135 [85] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:58.135163+00:00 (in 416.999777 seconds) gunicorn-secscan stdout | 2025-11-04 09:03:01,233 [70] [DEBUG] [sentry_sdk.errors] [Tracing] Create new propagation context: {'trace_id': '5a4582b8dfc64bc193dea5b0258a910f', 'span_id': '805c9e28d97fa04c', 'parent_span_id': None, 'dynamic_sampling_context': None} gunicorn-secscan stdout | 2025-11-04 09:03:01,245 [70] [DEBUG] [app] Loading default config. gunicorn-secscan stdout | 2025-11-04 09:03:01,246 [70] [DEBUG] [util.config.provider.basefileprovider] Applying config file: /quay-registry/conf/stack/config.yaml gunicorn-secscan stdout | 2025-11-04 09:03:01,253 [70] [DEBUG] [app] Loaded config gunicorn-secscan stdout | 2025-11-04 09:03:01,254 [70] [INFO] [util.ipresolver] Loading AWS IP ranges from disk gunicorn-secscan stdout | 2025-11-04 09:03:01,266 [70] [DEBUG] [util.ipresolver] Building AWS IP ranges gunicorn-registry stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:2784: SyntaxWarning: invalid escape sequence '\w' gunicorn-registry stderr | clean_field_names = re.sub('[^\w]+', '', '_'.join(accum)) gunicorn-secscan stdout | 2025-11-04 09:03:01,329 [70] [DEBUG] [util.ipresolver] Finished building AWS IP ranges gunicorn-secscan stdout | 2025-11-04 09:03:01,331 [70] [DEBUG] [botocore.hooks] Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane gunicorn-registry stderr | /opt/app-root/lib64/python3.12/site-packages/peewee.py:5763: SyntaxWarning: invalid escape sequence '\w' gunicorn-registry stderr | return re.sub('[^\w]+', '_', self.name) gunicorn-secscan stdout | 2025-11-04 09:03:01,332 [70] [DEBUG] [botocore.hooks] Changing event name from before-call.apigateway to before-call.api-gateway gunicorn-secscan stdout | 2025-11-04 09:03:01,333 [70] [DEBUG] [botocore.hooks] Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict gunicorn-secscan stdout | 2025-11-04 09:03:01,335 [70] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration gunicorn-secscan stdout | 2025-11-04 09:03:01,335 [70] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.route53 to before-parameter-build.route-53 gunicorn-secscan stdout | 2025-11-04 09:03:01,335 [70] [DEBUG] [botocore.hooks] Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search gunicorn-secscan stdout | 2025-11-04 09:03:01,336 [70] [DEBUG] [botocore.hooks] Changing event name from docs.*.autoscaling.CreateLaunchConfiguration.complete-section to docs.*.auto-scaling.CreateLaunchConfiguration.complete-section gunicorn-secscan stdout | 2025-11-04 09:03:01,338 [70] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask gunicorn-secscan stdout | 2025-11-04 09:03:01,338 [70] [DEBUG] [botocore.hooks] Changing event name from docs.*.logs.CreateExportTask.complete-section to docs.*.cloudwatch-logs.CreateExportTask.complete-section gunicorn-secscan stdout | 2025-11-04 09:03:01,339 [70] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search gunicorn-secscan stdout | 2025-11-04 09:03:01,339 [70] [DEBUG] [botocore.hooks] Changing event name from docs.*.cloudsearchdomain.Search.complete-section to docs.*.cloudsearch-domain.Search.complete-section gunicorn-registry stderr | /opt/app-root/lib64/python3.12/site-packages/playhouse/sqlite_ext.py:451: SyntaxWarning: invalid escape sequence '\s' gunicorn-registry stderr | _quote_re = re.compile('(?:[^\s"]|"(?:\\.|[^"])*")+') gunicorn-secscan stdout | 2025-11-04 09:03:01,435 [70] [DEBUG] [data.database] Configuring database gunicorn-secscan stdout | 2025-11-04 09:03:01,435 [70] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-secscan gunicorn-secscan stdout | 2025-11-04 09:03:01,435 [70] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-secscan stdout | 2025-11-04 09:03:01,436 [70] [INFO] [data.secscan_model] =============================== gunicorn-secscan stdout | 2025-11-04 09:03:01,436 [70] [INFO] [data.secscan_model] Using split secscan model: `[]` gunicorn-secscan stdout | 2025-11-04 09:03:01,436 [70] [INFO] [data.secscan_model] =============================== gunicorn-secscan stdout | 2025-11-04 09:03:01,436 [70] [DEBUG] [data.logs_model] Configuring log model gunicorn-secscan stdout | 2025-11-04 09:03:01,436 [70] [INFO] [data.logs_model] =============================== gunicorn-secscan stdout | 2025-11-04 09:03:01,436 [70] [INFO] [data.logs_model] Using logs model `` gunicorn-secscan stdout | 2025-11-04 09:03:01,436 [70] [INFO] [data.logs_model] =============================== gunicorn-secscan stdout | 2025-11-04 09:03:01,720 [70] [DEBUG] [__config__] Starting secscan gunicorn with 2 workers and gevent worker class gunicorn-secscan stderr | Traceback (most recent call last): gunicorn-secscan stderr | File "src/gevent/_abstract_linkable.py", line 287, in gevent._gevent_c_abstract_linkable.AbstractLinkable._notify_links gunicorn-secscan stderr | File "src/gevent/_abstract_linkable.py", line 333, in gevent._gevent_c_abstract_linkable.AbstractLinkable._notify_links gunicorn-secscan stderr | AssertionError: (None, ) gunicorn-secscan stderr | 2025-11-04T09:03:01Z failed with AssertionError gunicorn-registry stderr | /opt/app-root/lib64/python3.12/site-packages/splunklib/client.py:782: SyntaxWarning: invalid escape sequence '\/' gunicorn-registry stderr | versionSearch = re.search('(?:servicesNS\/[^/]+\/[^/]+|services)\/[^/]+\/v(\d+)\/', path) gunicorn-registry stdout | 2025-11-04 09:03:03,438 [69] [DEBUG] [sentry_sdk.errors] [Tracing] Create new propagation context: {'trace_id': 'd1ed30771ed1433a8f306652e51bf9b0', 'span_id': '88adb6dea3098a66', 'parent_span_id': None, 'dynamic_sampling_context': None} gunicorn-registry stdout | 2025-11-04 09:03:03,450 [69] [DEBUG] [app] Loading default config. gunicorn-registry stdout | 2025-11-04 09:03:03,450 [69] [DEBUG] [util.config.provider.basefileprovider] Applying config file: /quay-registry/conf/stack/config.yaml gunicorn-registry stdout | 2025-11-04 09:03:03,457 [69] [DEBUG] [app] Loaded config gunicorn-registry stdout | 2025-11-04 09:03:03,459 [69] [INFO] [util.ipresolver] Loading AWS IP ranges from disk gunicorn-registry stdout | 2025-11-04 09:03:03,469 [69] [DEBUG] [util.ipresolver] Building AWS IP ranges gunicorn-registry stdout | 2025-11-04 09:03:03,537 [69] [DEBUG] [util.ipresolver] Finished building AWS IP ranges gunicorn-registry stdout | 2025-11-04 09:03:03,540 [69] [DEBUG] [botocore.hooks] Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane gunicorn-registry stdout | 2025-11-04 09:03:03,541 [69] [DEBUG] [botocore.hooks] Changing event name from before-call.apigateway to before-call.api-gateway gunicorn-registry stdout | 2025-11-04 09:03:03,542 [69] [DEBUG] [botocore.hooks] Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict gunicorn-registry stdout | 2025-11-04 09:03:03,544 [69] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration gunicorn-registry stdout | 2025-11-04 09:03:03,544 [69] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.route53 to before-parameter-build.route-53 gunicorn-registry stdout | 2025-11-04 09:03:03,544 [69] [DEBUG] [botocore.hooks] Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search gunicorn-registry stdout | 2025-11-04 09:03:03,545 [69] [DEBUG] [botocore.hooks] Changing event name from docs.*.autoscaling.CreateLaunchConfiguration.complete-section to docs.*.auto-scaling.CreateLaunchConfiguration.complete-section gunicorn-registry stdout | 2025-11-04 09:03:03,548 [69] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask gunicorn-registry stdout | 2025-11-04 09:03:03,548 [69] [DEBUG] [botocore.hooks] Changing event name from docs.*.logs.CreateExportTask.complete-section to docs.*.cloudwatch-logs.CreateExportTask.complete-section gunicorn-registry stdout | 2025-11-04 09:03:03,548 [69] [DEBUG] [botocore.hooks] Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search gunicorn-registry stdout | 2025-11-04 09:03:03,548 [69] [DEBUG] [botocore.hooks] Changing event name from docs.*.cloudsearchdomain.Search.complete-section to docs.*.cloudsearch-domain.Search.complete-section gunicorn-registry stdout | 2025-11-04 09:03:03,644 [69] [DEBUG] [data.database] Configuring database gunicorn-registry stdout | 2025-11-04 09:03:03,645 [69] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-registry gunicorn-registry stdout | 2025-11-04 09:03:03,645 [69] [INFO] [data.database] Connection pooling enabled for postgresql; stale timeout: None; max connection count: None gunicorn-registry stdout | 2025-11-04 09:03:03,646 [69] [INFO] [data.secscan_model] =============================== gunicorn-registry stdout | 2025-11-04 09:03:03,646 [69] [INFO] [data.secscan_model] Using split secscan model: `[]` gunicorn-registry stdout | 2025-11-04 09:03:03,646 [69] [INFO] [data.secscan_model] =============================== gunicorn-registry stdout | 2025-11-04 09:03:03,646 [69] [DEBUG] [data.logs_model] Configuring log model gunicorn-registry stdout | 2025-11-04 09:03:03,646 [69] [INFO] [data.logs_model] =============================== gunicorn-registry stdout | 2025-11-04 09:03:03,646 [69] [INFO] [data.logs_model] Using logs model `` gunicorn-registry stdout | 2025-11-04 09:03:03,646 [69] [INFO] [data.logs_model] =============================== proxycacheblobworker stdout | 2025-11-04 09:03:04,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:03:04,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:04 GMT)" (scheduled at 2025-11-04 09:03:04.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:03:04,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:03:04,143 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 4, 141489), True, datetime.datetime(2025, 11, 4, 9, 3, 4, 141489), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:03:04,144 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:08.142131+00:00 (in 3.997255 seconds) proxycacheblobworker stdout | 2025-11-04 09:03:04,156 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:03:04,156 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:03:04,156 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:14 GMT)" executed successfully gunicorn-registry stdout | 2025-11-04 09:03:04,537 [69] [DEBUG] [__config__] Starting registry gunicorn with 8 workers and gevent worker class gunicorn-registry stderr | Traceback (most recent call last): gunicorn-registry stderr | File "src/gevent/_abstract_linkable.py", line 287, in gevent._gevent_c_abstract_linkable.AbstractLinkable._notify_links gunicorn-registry stderr | File "src/gevent/_abstract_linkable.py", line 333, in gevent._gevent_c_abstract_linkable.AbstractLinkable._notify_links gunicorn-registry stderr | AssertionError: (None, ) gunicorn-registry stderr | 2025-11-04T09:03:04Z failed with AssertionError reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: gcworker stdout | 2025-11-04 09:03:04,954 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:03:04,954 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:25.956600+00:00 (in 21.002230 seconds) gcworker stdout | 2025-11-04 09:03:04,954 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:34 GMT)" (scheduled at 2025-11-04 09:03:04.952363+00:00) gcworker stdout | 2025-11-04 09:03:04,954 [67] [DEBUG] [peewee] ('SELECT DISTINCT "t1"."removed_tag_expiration_s" FROM "user" AS "t1" LIMIT %s', [100]) gcworker stdout | 2025-11-04 09:03:04,967 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037384966, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:03:04,973 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:03:04,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:03:04,973 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:34 GMT)" executed successfully quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:03:07,253 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:03:07,254 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:07 GMT)" (scheduled at 2025-11-04 09:03:07.252445+00:00) securityworker stdout | 2025-11-04 09:03:07,254 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:03:07,254 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:03:07,254 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:21.254713+00:00 (in 14.000013 seconds) securityworker stdout | 2025-11-04 09:03:07,256 [93] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (1): quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 securityworker stdout | 2025-11-04 09:03:07,269 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:03:07,271 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:03:07,282 [93] [DEBUG] [peewee] ('SELECT Min("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:03:07,285 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:07,285 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:07,285 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:07,285 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:03:07,286 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 21, 31]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 21-31 by worker securityworker stdout | 2025-11-04 09:03:07,290 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 21-31 by worker securityworker stdout | 2025-11-04 09:03:07,290 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 21-31 securityworker stdout | 2025-11-04 09:03:07,290 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 21-31 securityworker stdout | 2025-11-04 09:03:07,290 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,290 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,290 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 21-31 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 21-31 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Right range 21-31 securityworker stdout | 2025-11-04 09:03:07,290 [93] [DEBUG] [util.migrate.allocator] Right range 21-31 securityworker stdout | 2025-11-04 09:03:07,290 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-21 securityworker stdout | 2025-11-04 09:03:07,290 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 11 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-21 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 11 securityworker stdout | 2025-11-04 09:03:07,291 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 4, 14]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 4-14 by worker securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 4-14 by worker securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 4-14 securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-14 securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 4-14 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-14 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 4-14 securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] Left range 4-14 securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] Right range 21-31 securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 14-21 securityworker stdout | 2025-11-04 09:03:07,294 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 14 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Right range 21-31 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 14-21 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 14 securityworker stdout | 2025-11-04 09:03:07,295 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 14, 24]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 4-14 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Already merged with block 4-14 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Merging with block 21-31 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 4-14 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 4-14 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 21-31 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-31 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-31 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Left range 4-31 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 31-49 securityworker stdout | 2025-11-04 09:03:07,298 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 4-31 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 31-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:03:07,299 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 31, 41]) securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 4-31 securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Already merged with block 4-31 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 4-31 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 4-31 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-41 securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Left range 4-41 securityworker stdout | 2025-11-04 09:03:07,302 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 41-49 securityworker stdout | 2025-11-04 09:03:07,303 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 41 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-41 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 4-41 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 41-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 41 securityworker stdout | 2025-11-04 09:03:07,303 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 41, 49]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 41-49 by worker securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 41-49 by worker securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 41-49 securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 4-41 securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Already merged with block 4-41 securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 4 securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Total range: 1-4 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 41-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 4-41 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 4-41 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 4 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-4 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-4 securityworker stdout | 2025-11-04 09:03:07,307 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-4 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:03:07,308 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 11]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:07,311 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:03:07,312 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 9, 19]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 9-19 by worker securityworker stdout | 2025-11-04 09:03:07,315 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 9-19 by worker securityworker stdout | 2025-11-04 09:03:07,315 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 9-19 securityworker stdout | 2025-11-04 09:03:07,315 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-19 securityworker stdout | 2025-11-04 09:03:07,315 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,315 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,315 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:03:07,315 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stdout | 2025-11-04 09:03:07,315 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 9-19 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-19 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-49 securityworker stdout | 2025-11-04 09:03:07,315 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:03:07,317 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 27, 37]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 27-37 by worker securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 27-37 by worker securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 27-37 securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 27-37 securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] Right range 27-37 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 27-37 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 27-37 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Right range 27-37 securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-27 securityworker stdout | 2025-11-04 09:03:07,320 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-27 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stdout | 2025-11-04 09:03:07,321 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 19, 29]) securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-19 securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-19 securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] Merging with block 27-37 securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-37 securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-19 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-19 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 27-37 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-37 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,324 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:03:07,325 [93] [DEBUG] [util.migrate.allocator] Left range 9-37 securityworker stdout | 2025-11-04 09:03:07,325 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 37-49 securityworker stdout | 2025-11-04 09:03:07,325 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 9-37 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 37-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:03:07,326 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 37, 47]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 37-47 by worker securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 37-47 by worker securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 37-47 securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-37 securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-37 securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-47 securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 37-47 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-37 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-37 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-47 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Left range 9-47 securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 47-49 securityworker stdout | 2025-11-04 09:03:07,329 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 47 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 9-47 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 47-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 47 securityworker stdout | 2025-11-04 09:03:07,330 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 47, 49]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 47-49 by worker securityworker stdout | 2025-11-04 09:03:07,333 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 47-49 by worker securityworker stdout | 2025-11-04 09:03:07,333 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 47-49 securityworker stdout | 2025-11-04 09:03:07,333 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-47 securityworker stdout | 2025-11-04 09:03:07,333 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-47 securityworker stdout | 2025-11-04 09:03:07,333 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 9 securityworker stdout | 2025-11-04 09:03:07,333 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:03:07,333 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:07,334 [93] [DEBUG] [util.migrate.allocator] Total range: 1-9 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 47-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-47 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-47 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 9 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-9 securityworker stdout | 2025-11-04 09:03:07,334 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:07,334 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-9 securityworker stdout | 2025-11-04 09:03:07,334 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-9 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:03:07,335 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 1, 11]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:07,338 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:03:07,339 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 14, 24]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:03:07,344 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:03:07,344 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stdout | 2025-11-04 09:03:07,344 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 14-24 securityworker stdout | 2025-11-04 09:03:07,344 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,344 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,344 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:03:07,344 [93] [DEBUG] [util.migrate.allocator] Left range 14-24 securityworker stdout | 2025-11-04 09:03:07,344 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 24-49 securityworker stdout | 2025-11-04 09:03:07,344 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 14-24 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 14-24 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 24-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:03:07,345 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 32, 42]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 32-42 securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] Left range 14-24 securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] Right range 32-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 32-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 14-24 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Right range 32-42 securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 24-32 securityworker stdout | 2025-11-04 09:03:07,348 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 24 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 24-32 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 24 securityworker stdout | 2025-11-04 09:03:07,349 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 24, 34]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 24-34 by worker securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 24-34 by worker securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 24-34 securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 14-24 securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Already merged with block 14-24 securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Merging with block 32-42 securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 14-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 24-34 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 14-24 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 14-24 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 32-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 14-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:03:07,352 [93] [DEBUG] [util.migrate.allocator] Right range 14-42 securityworker stdout | 2025-11-04 09:03:07,353 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-14 securityworker stdout | 2025-11-04 09:03:07,353 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 4 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Right range 14-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-14 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 4 securityworker stdout | 2025-11-04 09:03:07,353 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 2, 12]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:03:07,356 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:03:07,356 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stdout | 2025-11-04 09:03:07,356 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stdout | 2025-11-04 09:03:07,356 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:03:07,356 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,357 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stdout | 2025-11-04 09:03:07,357 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Right range 14-42 securityworker stdout | 2025-11-04 09:03:07,357 [93] [DEBUG] [util.migrate.allocator] Right range 14-42 securityworker stdout | 2025-11-04 09:03:07,357 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-14 securityworker stdout | 2025-11-04 09:03:07,357 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-14 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stdout | 2025-11-04 09:03:07,357 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 12, 22]) securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:03:07,360 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:03:07,360 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stdout | 2025-11-04 09:03:07,360 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stdout | 2025-11-04 09:03:07,360 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stdout | 2025-11-04 09:03:07,360 [93] [DEBUG] [util.migrate.allocator] Merging with block 14-42 securityworker stdout | 2025-11-04 09:03:07,361 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:03:07,361 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 14-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,361 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:03:07,361 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:07,361 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:03:07,361 [93] [DEBUG] [util.migrate.allocator] Left range 2-42 securityworker stdout | 2025-11-04 09:03:07,361 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 42-49 securityworker stdout | 2025-11-04 09:03:07,361 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 42-49 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 42 securityworker stdout | 2025-11-04 09:03:07,361 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 42, 49]) securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 42-49 by worker securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 42-49 by worker securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 42-49 securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 42-49 securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-42 securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-42 securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 2 securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Total range: 1-2 securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-42 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 2 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-2 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:03:07,365 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:03:07,366 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 58, 7, 270715), 1, 11]) securityworker stdout | 2025-11-04 09:03:07,369 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:03:07,369 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:03:07,369 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:03:07,369 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:03:07,369 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:07,369 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stdout | 2025-11-04 09:03:07,369 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:07,370 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stderr | 2025-11-04 09:03:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:07,370 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:37 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:03:07,445 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:03:07,445 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:37.446883+00:00 (in 30.001580 seconds) namespacegcworker stdout | 2025-11-04 09:03:07,445 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:07 GMT)" (scheduled at 2025-11-04 09:03:07.444700+00:00) namespacegcworker stdout | 2025-11-04 09:03:07,445 [76] [DEBUG] [workers.queueworker] Getting work item from queue. namespacegcworker stdout | 2025-11-04 09:03:07,446 [76] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 7, 445636), True, datetime.datetime(2025, 11, 4, 9, 3, 7, 445636), 0, 'namespacegc/%', 50, 1, 0]) namespacegcworker stdout | 2025-11-04 09:03:07,458 [76] [DEBUG] [workers.queueworker] No more work. namespacegcworker stdout | 2025-11-04 09:03:07,458 [76] [DEBUG] [data.database] Disconnecting from database. namespacegcworker stdout | 2025-11-04 09:03:07,458 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:07 GMT)" executed successfully securityworker stdout | 2025-11-04 09:03:07,559 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:03:07,744 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:03:08,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:03:08,142 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:14.140529+00:00 (in 5.997929 seconds) proxycacheblobworker stdout | 2025-11-04 09:03:08,142 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:08:08 GMT)" (scheduled at 2025-11-04 09:03:08.142131+00:00) proxycacheblobworker stdout | 2025-11-04 09:03:08,143 [79] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [False, datetime.datetime(2025, 11, 4, 9, 3, 8, 142966), 'proxycacheblob/%']) proxycacheblobworker stdout | 2025-11-04 09:03:08,156 [79] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 3, 8, 142966), True, datetime.datetime(2025, 11, 4, 9, 3, 8, 142966), 0, 'proxycacheblob/%']) proxycacheblobworker stdout | 2025-11-04 09:03:08,160 [79] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) AND NOT ("t1"."queue_name" IN (SELECT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s)))))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 3, 8, 142966), True, datetime.datetime(2025, 11, 4, 9, 3, 8, 142966), 0, 'proxycacheblob/%', False, datetime.datetime(2025, 11, 4, 9, 3, 8, 142966), 'proxycacheblob/%']) proxycacheblobworker stdout | 2025-11-04 09:03:08,163 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:03:08,163 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:08:08 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:03:09,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:03:09,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:19.156372+00:00 (in 9.999524 seconds) notificationworker stdout | 2025-11-04 09:03:09,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:19 GMT)" (scheduled at 2025-11-04 09:03:09.156372+00:00) notificationworker stdout | 2025-11-04 09:03:09,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:03:09,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 9, 157202), True, datetime.datetime(2025, 11, 4, 9, 3, 9, 157202), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:03:09,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:03:09,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:03:09,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:19 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:03:09,520 [246] [DEBUG] [app] Starting request: urn:request:661d6935-00f9-4ba0-b85b-9a412097ca67 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:03:09,528 [246] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (1): localhost:8080 gunicorn-registry stdout | 2025-11-04 09:03:09,540 [263] [DEBUG] [app] Starting request: urn:request:102faa0c-e3f5-4a51-825c-e9e3a97760e8 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:03:09,542 [263] [DEBUG] [app] Ending request: urn:request:102faa0c-e3f5-4a51-825c-e9e3a97760e8 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:102faa0c-e3f5-4a51-825c-e9e3a97760e8', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.007 162 0.007) gunicorn-registry stdout | 2025-11-04 09:03:09,543 [263] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:09,543 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:09,545 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:03:09,546 [246] [DEBUG] [app] Starting request: urn:request:2fbbbc45-eb67-4f2a-b9c7-928a0dace52c (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:03:09,547 [246] [DEBUG] [app] Ending request: urn:request:2fbbbc45-eb67-4f2a-b9c7-928a0dace52c (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:2fbbbc45-eb67-4f2a-b9c7-928a0dace52c', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:03:09,548 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:09,548 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:09,551 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."kid", "t1"."service", "t1"."jwk", "t1"."metadata", "t1"."created_date", "t1"."expiration_date", "t1"."rotation_duration", "t1"."approval_id" FROM "servicekey" AS "t1" LEFT OUTER JOIN "servicekeyapproval" AS "t2" ON ("t1"."approval_id" = "t2"."id") WHERE ((((NOT ("t1"."approval_id" IS %s) AND (("t1"."expiration_date" > %s) OR ("t1"."expiration_date" IS %s))) AND ("t1"."service" = %s)) AND (NOT (("t1"."service" = %s) AND ("t1"."expiration_date" <= %s)) OR NOT ((("t1"."service" = %s) AND ("t1"."approval_id" IS %s)) AND ("t1"."created_date" <= %s)))) AND (NOT ("t1"."expiration_date" <= %s) OR ("t1"."expiration_date" IS %s)))', [None, datetime.datetime(2025, 11, 4, 9, 3, 9, 549996), None, 'quay', 'quay', datetime.datetime(2025, 11, 4, 9, 3, 9, 550033), 'quay', None, datetime.datetime(2025, 11, 3, 9, 3, 9, 550080), datetime.datetime(2025, 10, 28, 9, 3, 9, 550108), None]) gunicorn-web stdout | 2025-11-04 09:03:09,565 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:03:09,566 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:03:09,566 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:03:09,574 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:03:09,574 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:03:09,577 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:03:09,581 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:03:09,584 [246] [DEBUG] [app] Ending request: urn:request:661d6935-00f9-4ba0-b85b-9a412097ca67 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:661d6935-00f9-4ba0-b85b-9a412097ca67', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:03:09,584 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:03:09,585 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:03:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:03:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.069 118 0.069) gunicorn-web stdout | 2025-11-04 09:03:09,587 [246] [DEBUG] [app] Starting request: urn:request:3c522cf7-6a78-4d3d-83ad-3e003e095a62 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:03:09,592 [257] [DEBUG] [app] Starting request: urn:request:ad88cef0-de55-47d8-8cd1-776e51891745 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:03:09,594 [257] [DEBUG] [app] Ending request: urn:request:ad88cef0-de55-47d8-8cd1-776e51891745 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:ad88cef0-de55-47d8-8cd1-776e51891745', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.007 162 0.007) gunicorn-web stdout | 2025-11-04 09:03:09,595 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-registry stdout | 2025-11-04 09:03:09,595 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:09,596 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:03:09,601 [247] [DEBUG] [app] Starting request: urn:request:da0afa07-b7d6-48bd-b300-818986582e34 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:03:09,604 [247] [DEBUG] [app] Ending request: urn:request:da0afa07-b7d6-48bd-b300-818986582e34 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:da0afa07-b7d6-48bd-b300-818986582e34', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.008 159 0.008) gunicorn-web stdout | 2025-11-04 09:03:09,605 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:09,605 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:09,605 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:03:09,605 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:03:09,606 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:03:09,613 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:03:09,613 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:03:09,624 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:03:09,628 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:03:09,631 [246] [DEBUG] [app] Ending request: urn:request:3c522cf7-6a78-4d3d-83ad-3e003e095a62 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:3c522cf7-6a78-4d3d-83ad-3e003e095a62', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:03:09,631 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:03:09,632 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:03:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:03:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.046 118 0.046) securityscanningnotificationworker stdout | 2025-11-04 09:03:10,744 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:03:10,744 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:03:10 GMT)" (scheduled at 2025-11-04 09:03:10.743793+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:03:10,744 [87] [DEBUG] [workers.queueworker] Getting work item from queue. securityscanningnotificationworker stdout | 2025-11-04 09:03:10,745 [87] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 10, 744903), True, datetime.datetime(2025, 11, 4, 9, 3, 10, 744903), 0, 'secscanv4/%', 50, 1, 0]) securityscanningnotificationworker stdout | 2025-11-04 09:03:10,746 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:27.745810+00:00 (in 16.999490 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:03:10,759 [87] [DEBUG] [workers.queueworker] No more work. securityscanningnotificationworker stdout | 2025-11-04 09:03:10,759 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:03:10,760 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:10 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:03:10,865 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:03:12,048 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:03:12,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:03:12,953 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:12 GMT)" (scheduled at 2025-11-04 09:03:12.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:03:12,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:03:12,953 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:42.952336+00:00 (in 29.998888 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:03:12,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:03:12,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:42 GMT)" executed successfully gcworker stdout | 2025-11-04 09:03:13,366 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:03:14,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:03:14,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:24.140529+00:00 (in 9.999545 seconds) proxycacheblobworker stdout | 2025-11-04 09:03:14,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:24 GMT)" (scheduled at 2025-11-04 09:03:14.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:03:14,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:03:14,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 14, 141371), True, datetime.datetime(2025, 11, 4, 9, 3, 14, 141371), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:03:14,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:03:14,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:03:14,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:24 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:03:16,051 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: autopruneworker stdout | 2025-11-04 09:03:16,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:03:16,130 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:16 GMT)" (scheduled at 2025-11-04 09:03:16.130127+00:00) autopruneworker stdout | 2025-11-04 09:03:16,131 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:46.130127+00:00 (in 29.998935 seconds) autopruneworker stdout | 2025-11-04 09:03:16,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243396138, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:03:16,145 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:03:16,145 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:03:16,145 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:46 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:03:16,282 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:03:16,282 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:03:16,330 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:03:16,331 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:03:16,331 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:03:16,344 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:03:16,344 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:03:16 GMT)" (scheduled at 2025-11-04 09:03:16.343350+00:00) exportactionlogsworker stdout | 2025-11-04 09:03:16,345 [66] [DEBUG] [workers.queueworker] Running watchdog. exportactionlogsworker stdout | 2025-11-04 09:03:16,345 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:03:16 GMT)" executed successfully exportactionlogsworker stdout | 2025-11-04 09:03:16,345 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:28.340417+00:00 (in 11.994910 seconds) exportactionlogsworker stdout | 2025-11-04 09:03:18,641 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:03:19,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:03:19,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:29.156372+00:00 (in 9.999552 seconds) notificationworker stdout | 2025-11-04 09:03:19,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:29 GMT)" (scheduled at 2025-11-04 09:03:19.156372+00:00) notificationworker stdout | 2025-11-04 09:03:19,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:03:19,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 19, 157195), True, datetime.datetime(2025, 11, 4, 9, 3, 19, 157195), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:03:19,172 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:03:19,172 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:03:19,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:29 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:03:19,246 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:03:19,246 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:03:19 GMT)" (scheduled at 2025-11-04 09:03:19.245377+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:03:19,247 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."subject_backfilled" = %s) OR ("t1"."subject_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:03:19,247 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:20.247243+00:00 (in 0.999309 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:03:19,259 [74] [DEBUG] [__main__] Manifest subject backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:03:19,259 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:03:19,259 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:19 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:03:19,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:03:19,636 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:19 GMT)" (scheduled at 2025-11-04 09:03:19.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:03:19,637 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 3, 19, 637048), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:03:19,638 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:49.635986+00:00 (in 29.997891 seconds) buildlogsarchiver stdout | 2025-11-04 09:03:19,650 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:03:19,650 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:03:19,651 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:49 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:03:20,247 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:03:20,247 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:19.245377+00:00 (in 58.997615 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:03:20,247 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:20 GMT)" (scheduled at 2025-11-04 09:03:20.247243+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:03:20,248 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."artifact_type_backfilled" = %s) OR ("t1"."artifact_type_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:03:20,261 [74] [DEBUG] [__main__] Manifest artifact_type backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:03:20,261 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:03:20,262 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:20 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:03:20,853 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: securityworker stdout | 2025-11-04 09:03:21,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:03:21,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:37.252445+00:00 (in 15.996674 seconds) securityworker stdout | 2025-11-04 09:03:21,256 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:51 GMT)" (scheduled at 2025-11-04 09:03:21.254713+00:00) securityworker stdout | 2025-11-04 09:03:21,256 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:03:21,256 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:03:21,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:03:21,262 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:03:21,277 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:21,277 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:21,277 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:21,277 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:03:21,278 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:21,283 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:21,283 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:03:21,283 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:03:21,283 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:03:21,284 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:03:21,284 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:21,284 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:21,284 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:21,284 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:03:21,285 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 58, 21, 262720), 1, 49]) securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:21,288 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:21,288 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:03:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:03:21,289 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:03:21,289 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:21,289 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:03:21,289 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:21,289 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:21,289 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:21,289 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:21,289 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:03:21,290 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 58, 21, 262720), 1, 49]) securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:21,295 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:21,295 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:03:21,295 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:03:21,295 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:03:21,295 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:21,295 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:03:21,295 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:21,295 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:03:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:21,296 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:51 GMT)" executed successfully servicekey stdout | 2025-11-04 09:03:21,550 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:03:21,755 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:03:21,843 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:03:22,256 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:03:23,947 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:03:24,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:03:24,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:27.142482+00:00 (in 3.001465 seconds) proxycacheblobworker stdout | 2025-11-04 09:03:24,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:34 GMT)" (scheduled at 2025-11-04 09:03:24.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:03:24,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:03:24,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 24, 141370), True, datetime.datetime(2025, 11, 4, 9, 3, 24, 141370), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:03:24,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:03:24,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:03:24,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:34 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:03:24,519 [248] [DEBUG] [app] Starting request: urn:request:ba3666e2-eb75-4824-9446-36eb1785324c (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:03:24,526 [248] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (1): localhost:8080 gunicorn-registry stdout | 2025-11-04 09:03:24,528 [257] [DEBUG] [app] Starting request: urn:request:fdd66414-8cab-4883-a06e-f51bd600a114 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:03:24,528 [257] [DEBUG] [app] Ending request: urn:request:fdd66414-8cab-4883-a06e-f51bd600a114 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:fdd66414-8cab-4883-a06e-f51bd600a114', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:03:24,529 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:03:24,529 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:24,530 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:03:24,535 [249] [DEBUG] [app] Starting request: urn:request:2d858c61-da1f-4b2c-af60-a6f2ab3cebcd (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:03:24,536 [249] [DEBUG] [app] Ending request: urn:request:2d858c61-da1f-4b2c-af60-a6f2ab3cebcd (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:2d858c61-da1f-4b2c-af60-a6f2ab3cebcd', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.006 159 0.006) gunicorn-web stdout | 2025-11-04 09:03:24,537 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:24,537 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:24,540 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."kid", "t1"."service", "t1"."jwk", "t1"."metadata", "t1"."created_date", "t1"."expiration_date", "t1"."rotation_duration", "t1"."approval_id" FROM "servicekey" AS "t1" LEFT OUTER JOIN "servicekeyapproval" AS "t2" ON ("t1"."approval_id" = "t2"."id") WHERE ((((NOT ("t1"."approval_id" IS %s) AND (("t1"."expiration_date" > %s) OR ("t1"."expiration_date" IS %s))) AND ("t1"."service" = %s)) AND (NOT (("t1"."service" = %s) AND ("t1"."expiration_date" <= %s)) OR NOT ((("t1"."service" = %s) AND ("t1"."approval_id" IS %s)) AND ("t1"."created_date" <= %s)))) AND (NOT ("t1"."expiration_date" <= %s) OR ("t1"."expiration_date" IS %s)))', [None, datetime.datetime(2025, 11, 4, 9, 3, 24, 538522), None, 'quay', 'quay', datetime.datetime(2025, 11, 4, 9, 3, 24, 538557), 'quay', None, datetime.datetime(2025, 11, 3, 9, 3, 24, 538586), datetime.datetime(2025, 10, 28, 9, 3, 24, 538925), None]) gunicorn-web stdout | 2025-11-04 09:03:24,552 [248] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:03:24,553 [248] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:03:24,553 [248] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:03:24,561 [248] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:03:24,561 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:03:24,564 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:03:24,567 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:03:24,571 [248] [DEBUG] [app] Ending request: urn:request:ba3666e2-eb75-4824-9446-36eb1785324c (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:ba3666e2-eb75-4824-9446-36eb1785324c', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:03:24,572 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:03:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.056 118 0.056) gunicorn-web stdout | 2025-11-04 09:03:24,572 [248] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:03:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" gunicorn-web stdout | 2025-11-04 09:03:24,586 [249] [DEBUG] [app] Starting request: urn:request:fe4d27e7-163e-4482-837d-e61b04c12a64 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:03:24,592 [249] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (1): localhost:8080 gunicorn-registry stdout | 2025-11-04 09:03:24,594 [257] [DEBUG] [app] Starting request: urn:request:997d96d1-da13-4138-96b3-4c2a236266b7 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:03:24,594 [257] [DEBUG] [app] Ending request: urn:request:997d96d1-da13-4138-96b3-4c2a236266b7 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:997d96d1-da13-4138-96b3-4c2a236266b7', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-registry stdout | 2025-11-04 09:03:24,594 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:24,595 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:24,596 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:03:24,598 [248] [DEBUG] [app] Starting request: urn:request:39fb4d58-a2ee-442c-a60a-8ab41669aaba (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:03:24,598 [248] [DEBUG] [app] Ending request: urn:request:39fb4d58-a2ee-442c-a60a-8ab41669aaba (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:39fb4d58-a2ee-442c-a60a-8ab41669aaba', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:03:24,598 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:24,599 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:24,601 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."kid", "t1"."service", "t1"."jwk", "t1"."metadata", "t1"."created_date", "t1"."expiration_date", "t1"."rotation_duration", "t1"."approval_id" FROM "servicekey" AS "t1" LEFT OUTER JOIN "servicekeyapproval" AS "t2" ON ("t1"."approval_id" = "t2"."id") WHERE ((((NOT ("t1"."approval_id" IS %s) AND (("t1"."expiration_date" > %s) OR ("t1"."expiration_date" IS %s))) AND ("t1"."service" = %s)) AND (NOT (("t1"."service" = %s) AND ("t1"."expiration_date" <= %s)) OR NOT ((("t1"."service" = %s) AND ("t1"."approval_id" IS %s)) AND ("t1"."created_date" <= %s)))) AND (NOT ("t1"."expiration_date" <= %s) OR ("t1"."expiration_date" IS %s)))', [None, datetime.datetime(2025, 11, 4, 9, 3, 24, 600320), None, 'quay', 'quay', datetime.datetime(2025, 11, 4, 9, 3, 24, 600355), 'quay', None, datetime.datetime(2025, 11, 3, 9, 3, 24, 600383), datetime.datetime(2025, 10, 28, 9, 3, 24, 600720), None]) gunicorn-web stdout | 2025-11-04 09:03:24,614 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:03:24,615 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:03:24,615 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:03:24,622 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:03:24,622 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:03:24,625 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:03:24,628 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:03:24,631 [249] [DEBUG] [app] Ending request: urn:request:fe4d27e7-163e-4482-837d-e61b04c12a64 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:fe4d27e7-163e-4482-837d-e61b04c12a64', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:03:24,632 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:03:24,632 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:03:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:03:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.046 118 0.046) globalpromstats stdout | 2025-11-04 09:03:25,543 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:03:25,755 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:03:25,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:03:25,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:34.952363+00:00 (in 8.995337 seconds) gcworker stdout | 2025-11-04 09:03:25,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:55 GMT)" (scheduled at 2025-11-04 09:03:25.956600+00:00) gcworker stdout | 2025-11-04 09:03:25,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:03:25,971 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246705970, None, 1, 0]) gcworker stdout | 2025-11-04 09:03:25,975 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:03:25,975 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:03:55 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:03:26,063 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:03:26,763 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:03:27,064 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:03:27,064 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:03:27 GMT)" (scheduled at 2025-11-04 09:03:27.063966+00:00) repositorygcworker stdout | 2025-11-04 09:03:27,064 [86] [DEBUG] [workers.queueworker] Getting work item from queue. repositorygcworker stdout | 2025-11-04 09:03:27,066 [86] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 27, 64844), True, datetime.datetime(2025, 11, 4, 9, 3, 27, 64844), 0, 'repositorygc/%', 50, 1, 0]) repositorygcworker stdout | 2025-11-04 09:03:27,066 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:51.065407+00:00 (in 23.998904 seconds) repositorygcworker stdout | 2025-11-04 09:03:27,080 [86] [DEBUG] [workers.queueworker] No more work. repositorygcworker stdout | 2025-11-04 09:03:27,081 [86] [DEBUG] [data.database] Disconnecting from database. repositorygcworker stdout | 2025-11-04 09:03:27,081 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:27 GMT)" executed successfully proxycacheblobworker stdout | 2025-11-04 09:03:27,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:03:27,142 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:34.140529+00:00 (in 6.997595 seconds) proxycacheblobworker stdout | 2025-11-04 09:03:27,143 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:27 GMT)" (scheduled at 2025-11-04 09:03:27.142482+00:00) proxycacheblobworker stdout | 2025-11-04 09:03:27,143 [79] [DEBUG] [workers.queueworker] Running watchdog. proxycacheblobworker stdout | 2025-11-04 09:03:27,143 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:27 GMT)" executed successfully queuecleanupworker stdout | 2025-11-04 09:03:27,257 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:03:27,451 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:03:27,655 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:03:27,746 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:03:27,746 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:10.743793+00:00 (in 42.997483 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:03:27,746 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:27 GMT)" (scheduled at 2025-11-04 09:03:27.745810+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:03:27,746 [87] [DEBUG] [workers.queueworker] Running watchdog. securityscanningnotificationworker stdout | 2025-11-04 09:03:27,746 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:27 GMT)" executed successfully exportactionlogsworker stdout | 2025-11-04 09:03:28,340 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:03:28,340 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:16.343350+00:00 (in 48.002468 seconds) exportactionlogsworker stdout | 2025-11-04 09:03:28,341 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:28 GMT)" (scheduled at 2025-11-04 09:03:28.340417+00:00) exportactionlogsworker stdout | 2025-11-04 09:03:28,341 [66] [DEBUG] [workers.queueworker] Getting work item from queue. exportactionlogsworker stdout | 2025-11-04 09:03:28,342 [66] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 28, 341252), True, datetime.datetime(2025, 11, 4, 9, 3, 28, 341252), 0, 'exportactionlogs/%', 50, 1, 0]) expiredappspecifictokenworker stdout | 2025-11-04 09:03:28,343 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:03:28,354 [66] [DEBUG] [workers.queueworker] No more work. exportactionlogsworker stdout | 2025-11-04 09:03:28,354 [66] [DEBUG] [data.database] Disconnecting from database. exportactionlogsworker stdout | 2025-11-04 09:03:28,354 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:28 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:03:29,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:03:29,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:29.157944+00:00 (in 0.001110 seconds) notificationworker stdout | 2025-11-04 09:03:29,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:39 GMT)" (scheduled at 2025-11-04 09:03:29.156372+00:00) notificationworker stdout | 2025-11-04 09:03:29,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:03:29,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 29, 157256), True, datetime.datetime(2025, 11, 4, 9, 3, 29, 157256), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:03:29,158 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:03:29,159 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:03:29 GMT)" (scheduled at 2025-11-04 09:03:29.157944+00:00) notificationworker stdout | 2025-11-04 09:03:29,159 [78] [DEBUG] [workers.queueworker] Running watchdog. notificationworker stdout | 2025-11-04 09:03:29,159 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:03:29 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:03:29,159 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:39.156372+00:00 (in 9.996411 seconds) notificationworker stdout | 2025-11-04 09:03:29,172 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:03:29,172 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:03:29,173 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:39 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:03:29,260 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:03:29,461 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:03:30,465 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:03:30,553 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:03:31,289 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:03:31,292 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:03:31,292 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:03:31,646 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:03:31,646 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:31.643382+00:00 (in 59.996621 seconds) quotaregistrysizeworker stdout | 2025-11-04 09:03:31,646 [82] [INFO] [apscheduler.executors.default] Running job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:31 GMT)" (scheduled at 2025-11-04 09:03:31.643382+00:00) quotaregistrysizeworker stdout | 2025-11-04 09:03:31,647 [82] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:03:31,659 [82] [DEBUG] [data.database] Disconnecting from database. quotaregistrysizeworker stdout | 2025-11-04 09:03:31,659 [82] [INFO] [apscheduler.executors.default] Job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:31 GMT)" executed successfully gunicorn-registry stdout | 2025-11-04 09:03:33,548 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:03:33,554 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:03:33,551 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:03:33,558 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:03:33,552 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:03:33,553 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:03:33,629 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:03:33,649 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:03:33,647 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:03:34,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:03:34,140 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:44.140529+00:00 (in 9.999575 seconds) proxycacheblobworker stdout | 2025-11-04 09:03:34,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:44 GMT)" (scheduled at 2025-11-04 09:03:34.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:03:34,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:03:34,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 34, 141293), True, datetime.datetime(2025, 11, 4, 9, 3, 34, 141293), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:03:34,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:03:34,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:03:34,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:44 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: gcworker stdout | 2025-11-04 09:03:34,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:03:34,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:55.956600+00:00 (in 21.003714 seconds) gcworker stdout | 2025-11-04 09:03:34,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:04 GMT)" (scheduled at 2025-11-04 09:03:34.952363+00:00) gcworker stdout | 2025-11-04 09:03:34,954 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037414953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:03:34,970 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:03:34,970 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:03:34,970 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:04 GMT)" executed successfully quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:03:37,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:03:37,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:51.254713+00:00 (in 14.001782 seconds) securityworker stdout | 2025-11-04 09:03:37,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:07 GMT)" (scheduled at 2025-11-04 09:03:37.252445+00:00) securityworker stdout | 2025-11-04 09:03:37,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:03:37,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:03:37,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:03:37,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:03:37,270 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stdout | 2025-11-04 09:03:37,271 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:07 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:03:37,447 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:03:37,447 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:07.444700+00:00 (in 29.997357 seconds) namespacegcworker stdout | 2025-11-04 09:03:37,447 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:37 GMT)" (scheduled at 2025-11-04 09:03:37.446883+00:00) namespacegcworker stdout | 2025-11-04 09:03:37,447 [76] [DEBUG] [workers.queueworker] Running watchdog. namespacegcworker stdout | 2025-11-04 09:03:37,447 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:37 GMT)" executed successfully securityworker stdout | 2025-11-04 09:03:37,573 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:03:37,759 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:03:39,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:03:39,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:49.156372+00:00 (in 9.999528 seconds) notificationworker stdout | 2025-11-04 09:03:39,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:49 GMT)" (scheduled at 2025-11-04 09:03:39.156372+00:00) notificationworker stdout | 2025-11-04 09:03:39,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:03:39,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 39, 157208), True, datetime.datetime(2025, 11, 4, 9, 3, 39, 157208), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:03:39,173 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:03:39,173 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:03:39,173 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:49 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:03:39,516 [249] [DEBUG] [app] Starting request: urn:request:a3c7ca95-8d9e-4b52-b04e-e3e7f6b2f2e3 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:03:39,518 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:03:39,520 [257] [DEBUG] [app] Starting request: urn:request:a607acea-e9e9-4326-a420-b87335a209ae (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:03:39,521 [257] [DEBUG] [app] Ending request: urn:request:a607acea-e9e9-4326-a420-b87335a209ae (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:a607acea-e9e9-4326-a420-b87335a209ae', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.003 162 0.003) gunicorn-registry stdout | 2025-11-04 09:03:39,522 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:39,522 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:39,523 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:03:39,524 [247] [DEBUG] [app] Starting request: urn:request:0801df5f-7964-49ce-8720-412000a9c1bf (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:03:39,525 [247] [DEBUG] [app] Ending request: urn:request:0801df5f-7964-49ce-8720-412000a9c1bf (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:0801df5f-7964-49ce-8720-412000a9c1bf', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:03:39,525 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:39,525 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:03:39,526 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:03:39,526 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:03:39,526 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:03:39,533 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:03:39,533 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:03:39,544 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:03:39,547 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:03:39,550 [249] [DEBUG] [app] Ending request: urn:request:a3c7ca95-8d9e-4b52-b04e-e3e7f6b2f2e3 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:a3c7ca95-8d9e-4b52-b04e-e3e7f6b2f2e3', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:03:39,551 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:03:39,551 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:03:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:03:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.035 118 0.035) gunicorn-web stdout | 2025-11-04 09:03:39,588 [246] [DEBUG] [app] Starting request: urn:request:1a26995d-5e68-4133-af8d-b7114957eb4d (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:03:39,589 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:03:39,590 [257] [DEBUG] [app] Starting request: urn:request:bc5e9fe8-9687-4154-8c7e-b8048b93f0d9 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:03:39,591 [257] [DEBUG] [app] Ending request: urn:request:bc5e9fe8-9687-4154-8c7e-b8048b93f0d9 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:bc5e9fe8-9687-4154-8c7e-b8048b93f0d9', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:03:39,591 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:03:39,591 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:39,592 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:03:39,596 [249] [DEBUG] [app] Starting request: urn:request:3a5be7d5-c37e-4694-9bc7-d5bf0a96a380 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:03:39,597 [249] [DEBUG] [app] Ending request: urn:request:3a5be7d5-c37e-4694-9bc7-d5bf0a96a380 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:3a5be7d5-c37e-4694-9bc7-d5bf0a96a380', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:03:39,598 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:39,598 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:03:39,598 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:03:39,598 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:03:39,598 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:03:39,607 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:03:39,607 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:03:39,618 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:03:39,622 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:03:39,625 [246] [DEBUG] [app] Ending request: urn:request:1a26995d-5e68-4133-af8d-b7114957eb4d (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:1a26995d-5e68-4133-af8d-b7114957eb4d', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:03:39,625 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:03:39,626 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:03:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:03:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.039 118 0.038) autopruneworker stdout | 2025-11-04 09:03:40,881 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:03:42,065 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:03:42,953 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:03:42,953 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:12.952336+00:00 (in 29.999017 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:03:42,953 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:12 GMT)" (scheduled at 2025-11-04 09:03:42.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:03:42,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:03:42,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:03:42,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:12 GMT)" executed successfully gcworker stdout | 2025-11-04 09:03:43,382 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:03:44,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:03:44,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:54.140529+00:00 (in 9.998665 seconds) proxycacheblobworker stdout | 2025-11-04 09:03:44,142 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:54 GMT)" (scheduled at 2025-11-04 09:03:44.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:03:44,142 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:03:44,143 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 44, 142233), True, datetime.datetime(2025, 11, 4, 9, 3, 44, 142233), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:03:44,156 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:03:44,156 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:03:44,156 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:54 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:03:46,067 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: autopruneworker stdout | 2025-11-04 09:03:46,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:03:46,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:16.130127+00:00 (in 29.999553 seconds) autopruneworker stdout | 2025-11-04 09:03:46,130 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:16 GMT)" (scheduled at 2025-11-04 09:03:46.130127+00:00) autopruneworker stdout | 2025-11-04 09:03:46,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243426138, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:03:46,143 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:03:46,143 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:03:46,143 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:03:46,300 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:03:46,302 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:03:46,350 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:03:46,349 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:03:46,351 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:03:48,657 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:03:49,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:03:49,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:03:59.156372+00:00 (in 9.999540 seconds) notificationworker stdout | 2025-11-04 09:03:49,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:59 GMT)" (scheduled at 2025-11-04 09:03:49.156372+00:00) notificationworker stdout | 2025-11-04 09:03:49,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:03:49,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 49, 157257), True, datetime.datetime(2025, 11, 4, 9, 3, 49, 157257), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:03:49,172 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:03:49,172 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:03:49,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:03:59 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:03:49,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:03:49,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:19.635986+00:00 (in 29.999463 seconds) buildlogsarchiver stdout | 2025-11-04 09:03:49,636 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:19 GMT)" (scheduled at 2025-11-04 09:03:49.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:03:49,637 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 3, 49, 636852), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:03:49,650 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:03:49,650 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:03:49,650 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:19 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:03:50,868 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:03:51,065 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:03:51,066 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:27.063966+00:00 (in 35.997935 seconds) repositorygcworker stdout | 2025-11-04 09:03:51,066 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:51 GMT)" (scheduled at 2025-11-04 09:03:51.065407+00:00) repositorygcworker stdout | 2025-11-04 09:03:51,066 [86] [DEBUG] [workers.queueworker] Running watchdog. repositorygcworker stdout | 2025-11-04 09:03:51,066 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:51 GMT)" executed successfully securityworker stdout | 2025-11-04 09:03:51,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:03:51,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:07.252445+00:00 (in 15.997296 seconds) securityworker stdout | 2025-11-04 09:03:51,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:21 GMT)" (scheduled at 2025-11-04 09:03:51.254713+00:00) securityworker stdout | 2025-11-04 09:03:51,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:03:51,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:03:51,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:03:51,262 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:51,275 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:51,275 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:51,275 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:51,275 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:03:51,276 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:03:51,282 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 58, 51, 262643), 1, 49]) securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:51,286 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:03:51,286 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:03:51,287 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:03:51,287 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:03:51,287 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:51,287 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:03:51,287 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:51,287 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:03:51,287 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:51,287 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:03:51,287 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:03:51,288 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 58, 51, 262643), 1, 49]) securityworker stdout | 2025-11-04 09:03:51,291 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:03:51,291 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:03:51,291 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:03:51,292 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:03:51,292 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:03:51,292 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:03:51,292 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:51,292 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:03:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:03:51,292 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:21 GMT)" executed successfully servicekey stdout | 2025-11-04 09:03:51,565 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:03:51,770 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:03:51,856 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:03:52,271 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:03:53,961 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:03:54,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:03:54,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:04.140529+00:00 (in 9.999055 seconds) proxycacheblobworker stdout | 2025-11-04 09:03:54,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:04 GMT)" (scheduled at 2025-11-04 09:03:54.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:03:54,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:03:54,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 54, 141830), True, datetime.datetime(2025, 11, 4, 9, 3, 54, 141830), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:03:54,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:03:54,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:03:54,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:04 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:03:54,517 [246] [DEBUG] [app] Starting request: urn:request:ce60df5f-77d4-469e-bebb-0943b93e2755 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:03:54,518 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:03:54,519 [257] [DEBUG] [app] Starting request: urn:request:0965278f-71fe-470c-b813-0775d8d5c333 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:03:54,520 [257] [DEBUG] [app] Ending request: urn:request:0965278f-71fe-470c-b813-0775d8d5c333 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:0965278f-71fe-470c-b813-0775d8d5c333', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:03:54,520 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:03:54,520 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:54,521 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:03:54,522 [246] [DEBUG] [app] Starting request: urn:request:e08462c4-553d-464e-a23b-6c06cfe3f35a (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:03:54,523 [246] [DEBUG] [app] Ending request: urn:request:e08462c4-553d-464e-a23b-6c06cfe3f35a (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:e08462c4-553d-464e-a23b-6c06cfe3f35a', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:03:54,523 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:54,523 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:54,524 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:03:54,524 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:03:54,524 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:03:54,532 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:03:54,532 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:03:54,542 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:03:54,545 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:03:54,548 [246] [DEBUG] [app] Ending request: urn:request:ce60df5f-77d4-469e-bebb-0943b93e2755 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:ce60df5f-77d4-469e-bebb-0943b93e2755', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:03:54,548 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:03:54,548 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:03:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:03:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) gunicorn-web stdout | 2025-11-04 09:03:54,587 [246] [DEBUG] [app] Starting request: urn:request:6cc50d1c-706d-4265-83ef-a2da7db8a00c (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:03:54,591 [264] [DEBUG] [app] Starting request: urn:request:608dd556-8f7e-4f40-86cd-cd2b784a5f1d (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:03:54,592 [264] [DEBUG] [app] Ending request: urn:request:608dd556-8f7e-4f40-86cd-cd2b784a5f1d (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:608dd556-8f7e-4f40-86cd-cd2b784a5f1d', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.005 162 0.004) gunicorn-registry stdout | 2025-11-04 09:03:54,593 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:54,593 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:03:54,593 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:03:54,595 [249] [DEBUG] [app] Starting request: urn:request:1a1b9112-708c-47d8-916f-43659ccb210a (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:03:54,595 [249] [DEBUG] [app] Ending request: urn:request:1a1b9112-708c-47d8-916f-43659ccb210a (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:1a1b9112-708c-47d8-916f-43659ccb210a', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:03:54,595 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:03:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:03:54,595 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:03:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:03:54,596 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:03:54,596 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:03:54,596 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:03:54,603 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:03:54,604 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:03:54,613 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:03:54,616 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:03:54,619 [246] [DEBUG] [app] Ending request: urn:request:6cc50d1c-706d-4265-83ef-a2da7db8a00c (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:6cc50d1c-706d-4265-83ef-a2da7db8a00c', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:03:54,619 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:03:54,619 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:03:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:03:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) globalpromstats stdout | 2025-11-04 09:03:55,558 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:03:55,768 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:03:55,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:03:55,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:04.952363+00:00 (in 8.995350 seconds) gcworker stdout | 2025-11-04 09:03:55,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:25 GMT)" (scheduled at 2025-11-04 09:03:55.956600+00:00) gcworker stdout | 2025-11-04 09:03:55,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:03:55,970 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246735970, None, 1, 0]) gcworker stdout | 2025-11-04 09:03:55,975 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:03:55,976 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:25 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:03:56,079 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:03:56,777 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: queuecleanupworker stdout | 2025-11-04 09:03:57,272 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:03:57,465 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:03:57,669 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: expiredappspecifictokenworker stdout | 2025-11-04 09:03:58,357 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:03:59,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:03:59,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:09.156372+00:00 (in 9.999538 seconds) notificationworker stdout | 2025-11-04 09:03:59,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:09 GMT)" (scheduled at 2025-11-04 09:03:59.156372+00:00) notificationworker stdout | 2025-11-04 09:03:59,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:03:59,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 3, 59, 157215), True, datetime.datetime(2025, 11, 4, 9, 3, 59, 157215), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:03:59,173 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:03:59,173 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:03:59,173 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:09 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:03:59,274 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:03:59,476 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:04:00,479 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:04:00,568 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:04:01,310 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:04:01,315 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:04:01,318 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:03,573 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:03,574 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:03,657 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:03,658 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:03,659 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:03,660 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:03,665 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:03,672 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:03,673 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:04:04,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:04:04,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:14.140529+00:00 (in 9.999441 seconds) proxycacheblobworker stdout | 2025-11-04 09:04:04,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:14 GMT)" (scheduled at 2025-11-04 09:04:04.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:04:04,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:04:04,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 4, 141444), True, datetime.datetime(2025, 11, 4, 9, 4, 4, 141444), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:04:04,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:04:04,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:04:04,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:14 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: gcworker stdout | 2025-11-04 09:04:04,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:04:04,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:25.956600+00:00 (in 21.003784 seconds) gcworker stdout | 2025-11-04 09:04:04,952 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:34 GMT)" (scheduled at 2025-11-04 09:04:04.952363+00:00) gcworker stdout | 2025-11-04 09:04:04,954 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037444953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:04:04,970 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:04:04,971 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:04:04,971 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:34 GMT)" executed successfully quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:04:07,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:04:07,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:21.254713+00:00 (in 14.001832 seconds) securityworker stdout | 2025-11-04 09:04:07,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:37 GMT)" (scheduled at 2025-11-04 09:04:07.252445+00:00) securityworker stdout | 2025-11-04 09:04:07,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:04:07,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:04:07,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:04:07,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:04:07,271 [93] [DEBUG] [peewee] ('SELECT Min("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,274 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,274 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:07,274 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:04:07,274 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:04:07,275 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 15, 25]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 15-25 by worker securityworker stdout | 2025-11-04 09:04:07,280 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 15-25 by worker securityworker stdout | 2025-11-04 09:04:07,280 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 15-25 securityworker stdout | 2025-11-04 09:04:07,280 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 15-25 securityworker stdout | 2025-11-04 09:04:07,280 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 15-25 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 15-25 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,280 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,280 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:04:07,280 [93] [DEBUG] [util.migrate.allocator] Left range 15-25 securityworker stdout | 2025-11-04 09:04:07,280 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 25-49 securityworker stdout | 2025-11-04 09:04:07,280 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 15-25 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 25-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:04:07,281 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 31, 41]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stdout | 2025-11-04 09:04:07,284 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stdout | 2025-11-04 09:04:07,284 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stdout | 2025-11-04 09:04:07,284 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 31-41 securityworker stdout | 2025-11-04 09:04:07,284 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:04:07,285 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,285 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stdout | 2025-11-04 09:04:07,285 [93] [DEBUG] [util.migrate.allocator] Left range 15-25 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 31-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 15-25 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 31-41 securityworker stdout | 2025-11-04 09:04:07,285 [93] [DEBUG] [util.migrate.allocator] Right range 31-41 securityworker stdout | 2025-11-04 09:04:07,285 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 25-31 securityworker stdout | 2025-11-04 09:04:07,285 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 25 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 25-31 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 25 securityworker stdout | 2025-11-04 09:04:07,285 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 25, 35]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 25-35 by worker securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 25-35 by worker securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 25-35 securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 15-25 securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Already merged with block 15-25 securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Merging with block 31-41 securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 15-41 securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 25-35 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 15-25 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 15-25 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 31-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 15-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Right range 15-41 securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-15 securityworker stdout | 2025-11-04 09:04:07,289 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 5 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 15-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-15 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 5 securityworker stdout | 2025-11-04 09:04:07,290 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 2, 12]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] Right range 15-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 15-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-15 securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-15 securityworker stdout | 2025-11-04 09:04:07,293 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stdout | 2025-11-04 09:04:07,294 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 12, 22]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Merging with block 15-41 securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-41 securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 15-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Right range 2-41 securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:04:07,297 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 2-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:07,298 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 11]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-41 securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 41 securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] Total range: 41-49 securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 41-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 41-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 41-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 41 securityworker stdout | 2025-11-04 09:04:07,301 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 41 securityworker stdout | 2025-11-04 09:04:07,303 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 41, 49]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 41-49 by worker securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 41-49 by worker securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 41-49 securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 41 securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] Total range: 49-41 securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 41-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 49-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:04:07,306 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:04:07,307 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 26, 36]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 26-36 by worker securityworker stdout | 2025-11-04 09:04:07,310 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 26-36 by worker securityworker stdout | 2025-11-04 09:04:07,310 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 26-36 securityworker stdout | 2025-11-04 09:04:07,310 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 26-36 securityworker stdout | 2025-11-04 09:04:07,310 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:04:07,310 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,310 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:04:07,310 [93] [DEBUG] [util.migrate.allocator] Left range 26-36 securityworker stdout | 2025-11-04 09:04:07,310 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 36-49 securityworker stdout | 2025-11-04 09:04:07,310 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 26-36 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 26-36 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 26-36 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 36-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:04:07,311 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 37, 47]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 37-47 by worker securityworker stdout | 2025-11-04 09:04:07,314 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 37-47 by worker securityworker stdout | 2025-11-04 09:04:07,314 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 37-47 securityworker stdout | 2025-11-04 09:04:07,314 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 37-47 securityworker stdout | 2025-11-04 09:04:07,314 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 37-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 37-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:04:07,314 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,315 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stdout | 2025-11-04 09:04:07,315 [93] [DEBUG] [util.migrate.allocator] Right range 26-36 securityworker stdout | 2025-11-04 09:04:07,315 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-26 securityworker stdout | 2025-11-04 09:04:07,315 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 16 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 26-36 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-26 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 16 securityworker stdout | 2025-11-04 09:04:07,315 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 12, 22]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-22 securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 4 total holes securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] Left range 26-36 securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] Right range 37-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-22 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 4 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 26-36 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 37-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 36-37 securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 36-37 securityworker stdout | 2025-11-04 09:04:07,318 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 36 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 36 securityworker stdout | 2025-11-04 09:04:07,319 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 36, 46]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 26-36 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Already merged with block 26-36 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Merging with block 37-47 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 26-47 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 26-36 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 26-36 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 37-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 26-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Left range 12-22 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Right range 26-47 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 22-26 securityworker stdout | 2025-11-04 09:04:07,322 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 22 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 12-22 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 26-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 22-26 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 22 securityworker stdout | 2025-11-04 09:04:07,323 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 22, 32]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 12-22 securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Already merged with block 12-22 securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Merging with block 26-47 securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-47 securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 12-22 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 12-22 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 26-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:04:07,327 [93] [DEBUG] [util.migrate.allocator] Right range 12-47 securityworker stdout | 2025-11-04 09:04:07,328 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-12 securityworker stdout | 2025-11-04 09:04:07,328 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 12-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-12 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 2 securityworker stdout | 2025-11-04 09:04:07,328 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 2, 12]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] Merging with block 12-47 securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-47 securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 12-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 47-49 securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] Left range 2-47 securityworker stdout | 2025-11-04 09:04:07,331 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 47-49 securityworker stdout | 2025-11-04 09:04:07,332 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 47 securityworker stdout | 2025-11-04 09:04:07,332 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 47, 49]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 47-49 by worker securityworker stdout | 2025-11-04 09:04:07,335 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 47-49 by worker securityworker stdout | 2025-11-04 09:04:07,335 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 47-49 securityworker stdout | 2025-11-04 09:04:07,335 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-47 securityworker stdout | 2025-11-04 09:04:07,335 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-47 securityworker stdout | 2025-11-04 09:04:07,336 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 2 securityworker stdout | 2025-11-04 09:04:07,336 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,336 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:07,336 [93] [DEBUG] [util.migrate.allocator] Total range: 1-2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 47-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-47 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-2 securityworker stdout | 2025-11-04 09:04:07,336 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:07,336 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:04:07,336 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:07,337 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 1, 11]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:04:07,340 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:04:07,341 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 19, 29]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stdout | 2025-11-04 09:04:07,345 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stdout | 2025-11-04 09:04:07,345 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stdout | 2025-11-04 09:04:07,345 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 19-29 securityworker stdout | 2025-11-04 09:04:07,345 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:04:07,345 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,345 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:04:07,345 [93] [DEBUG] [util.migrate.allocator] Left range 19-29 securityworker stdout | 2025-11-04 09:04:07,345 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 29-49 securityworker stdout | 2025-11-04 09:04:07,345 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 19-29 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 19-29 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 29-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:04:07,346 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 31, 41]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stdout | 2025-11-04 09:04:07,349 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stdout | 2025-11-04 09:04:07,349 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stdout | 2025-11-04 09:04:07,350 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 31-41 securityworker stdout | 2025-11-04 09:04:07,350 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:04:07,350 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,350 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stdout | 2025-11-04 09:04:07,350 [93] [DEBUG] [util.migrate.allocator] Right range 19-29 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 31-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 19-29 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-19 securityworker stdout | 2025-11-04 09:04:07,350 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-19 securityworker stdout | 2025-11-04 09:04:07,350 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 9 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 9 securityworker stdout | 2025-11-04 09:04:07,350 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 3, 13]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 3-13 by worker securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 3-13 by worker securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 3-13 securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 3-13 securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] Selected random hole 3 with 4 total holes securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] Left range 19-29 securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] Right range 31-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 3-13 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 3-13 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 3 with 4 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 19-29 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 31-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 29-31 securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 29-31 securityworker stdout | 2025-11-04 09:04:07,354 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 29 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 29 securityworker stdout | 2025-11-04 09:04:07,355 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 29, 39]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 19-29 securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Already merged with block 19-29 securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Merging with block 31-41 securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 19-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 19-29 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 19-29 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 31-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 19-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Right range 3-13 securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-3 securityworker stdout | 2025-11-04 09:04:07,359 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Right range 3-13 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-3 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:07,360 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 1, 11]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:04:07,363 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:04:07,363 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:04:07,363 [93] [DEBUG] [util.migrate.allocator] Merging with block 3-13 securityworker stdout | 2025-11-04 09:04:07,363 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 13 securityworker stdout | 2025-11-04 09:04:07,363 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,363 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:04:07,363 [93] [DEBUG] [util.migrate.allocator] Total range: 13-49 securityworker stdout | 2025-11-04 09:04:07,364 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 3-13 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 13 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 13-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Left range 19-41 securityworker stdout | 2025-11-04 09:04:07,364 [93] [DEBUG] [util.migrate.allocator] Left range 19-41 securityworker stdout | 2025-11-04 09:04:07,364 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 41-49 securityworker stdout | 2025-11-04 09:04:07,364 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 41-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 41 securityworker stdout | 2025-11-04 09:04:07,365 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 41, 49]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 41-49 by worker securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 41-49 by worker securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 41-49 securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 19-41 securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Already merged with block 19-41 securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 19 securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Total range: 13-19 securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 41-49 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 19-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 19-41 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 19 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 13-19 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 13-19 securityworker stdout | 2025-11-04 09:04:07,368 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 13 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 13-19 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 13 securityworker stdout | 2025-11-04 09:04:07,369 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 59, 7, 257397), 13, 23]) securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 13-23 by worker securityworker stdout | 2025-11-04 09:04:07,372 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 13-23 by worker securityworker stdout | 2025-11-04 09:04:07,372 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 13-23 securityworker stdout | 2025-11-04 09:04:07,372 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 13 securityworker stdout | 2025-11-04 09:04:07,373 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 23 securityworker stdout | 2025-11-04 09:04:07,373 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:07,373 [93] [DEBUG] [util.migrate.allocator] Total range: 23-13 securityworker stdout | 2025-11-04 09:04:07,373 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:07,373 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 13-23 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 13 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 23 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] Total range: 23-13 securityworker stderr | 2025-11-04 09:04:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:07,373 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:37 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:04:07,444 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:04:07,445 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:37.446883+00:00 (in 30.001725 seconds) namespacegcworker stdout | 2025-11-04 09:04:07,445 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:07 GMT)" (scheduled at 2025-11-04 09:04:07.444700+00:00) namespacegcworker stdout | 2025-11-04 09:04:07,445 [76] [DEBUG] [workers.queueworker] Getting work item from queue. namespacegcworker stdout | 2025-11-04 09:04:07,446 [76] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 7, 445558), True, datetime.datetime(2025, 11, 4, 9, 4, 7, 445558), 0, 'namespacegc/%', 50, 1, 0]) namespacegcworker stdout | 2025-11-04 09:04:07,458 [76] [DEBUG] [workers.queueworker] No more work. namespacegcworker stdout | 2025-11-04 09:04:07,459 [76] [DEBUG] [data.database] Disconnecting from database. namespacegcworker stdout | 2025-11-04 09:04:07,459 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:07 GMT)" executed successfully securityworker stdout | 2025-11-04 09:04:07,586 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:04:07,773 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:04:09,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:04:09,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:19.156372+00:00 (in 9.999579 seconds) notificationworker stdout | 2025-11-04 09:04:09,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:19 GMT)" (scheduled at 2025-11-04 09:04:09.156372+00:00) notificationworker stdout | 2025-11-04 09:04:09,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:04:09,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 9, 157210), True, datetime.datetime(2025, 11, 4, 9, 4, 9, 157210), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:04:09,173 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:04:09,173 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:04:09,173 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:19 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:04:09,517 [249] [DEBUG] [app] Starting request: urn:request:28963b1c-436a-41fa-a3f0-c1a7b43a9c54 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:04:09,519 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:04:09,529 [261] [DEBUG] [app] Starting request: urn:request:1ec9ae18-6aea-4b49-b3b9-b3b232c5ce59 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:04:09,530 [261] [DEBUG] [app] Ending request: urn:request:1ec9ae18-6aea-4b49-b3b9-b3b232c5ce59 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:1ec9ae18-6aea-4b49-b3b9-b3b232c5ce59', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.004 162 0.004) gunicorn-web stdout | 2025-11-04 09:04:09,531 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-registry stdout | 2025-11-04 09:04:09,531 [261] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:09,532 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:04:09,534 [249] [DEBUG] [app] Starting request: urn:request:02e4fba9-648f-4397-a304-df1a71aca346 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:04:09,534 [249] [DEBUG] [app] Ending request: urn:request:02e4fba9-648f-4397-a304-df1a71aca346 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:02e4fba9-648f-4397-a304-df1a71aca346', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:04:09,534 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:04:09,535 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:09,535 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:04:09,535 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:04:09,535 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:04:09,544 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:04:09,544 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:04:09,554 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:04:09,558 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:04:09,562 [249] [DEBUG] [app] Ending request: urn:request:28963b1c-436a-41fa-a3f0-c1a7b43a9c54 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:28963b1c-436a-41fa-a3f0-c1a7b43a9c54', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:04:09,562 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:04:09,562 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:04:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:04:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.046 118 0.046) gunicorn-web stdout | 2025-11-04 09:04:09,587 [249] [DEBUG] [app] Starting request: urn:request:5982991a-0e23-4620-b7bf-1b0b2af74f9a (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:04:09,592 [257] [DEBUG] [app] Starting request: urn:request:c5537d3a-a7e6-4a63-afaa-606d4382cb75 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:04:09,592 [257] [DEBUG] [app] Ending request: urn:request:c5537d3a-a7e6-4a63-afaa-606d4382cb75 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:c5537d3a-a7e6-4a63-afaa-606d4382cb75', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:04:09,592 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:04:09,593 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:09,594 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:04:09,595 [249] [DEBUG] [app] Starting request: urn:request:cc65dc65-27b0-4ae9-9415-d5584416811e (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:04:09,595 [249] [DEBUG] [app] Ending request: urn:request:cc65dc65-27b0-4ae9-9415-d5584416811e (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:cc65dc65-27b0-4ae9-9415-d5584416811e', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:04:09,596 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:09,596 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:09,597 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:04:09,597 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:04:09,597 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:04:09,604 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:04:09,604 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:04:09,614 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:04:09,617 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:04:09,620 [249] [DEBUG] [app] Ending request: urn:request:5982991a-0e23-4620-b7bf-1b0b2af74f9a (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:5982991a-0e23-4620-b7bf-1b0b2af74f9a', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:04:09,620 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:04:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.033 118 0.033) gunicorn-web stdout | 2025-11-04 09:04:09,621 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:04:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" securityscanningnotificationworker stdout | 2025-11-04 09:04:10,744 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:04:10,744 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:27.745464+00:00 (in 17.000780 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:04:10,744 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:10 GMT)" (scheduled at 2025-11-04 09:04:10.743793+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:04:10,744 [87] [DEBUG] [workers.queueworker] Getting work item from queue. securityscanningnotificationworker stdout | 2025-11-04 09:04:10,745 [87] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 10, 745059), True, datetime.datetime(2025, 11, 4, 9, 4, 10, 745059), 0, 'secscanv4/%', 50, 1, 0]) securityscanningnotificationworker stdout | 2025-11-04 09:04:10,758 [87] [DEBUG] [workers.queueworker] No more work. securityscanningnotificationworker stdout | 2025-11-04 09:04:10,758 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:04:10,758 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:10 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:04:10,894 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:04:12,085 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:04:12,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:04:12,953 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:42.952336+00:00 (in 29.999228 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:04:12,953 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:42 GMT)" (scheduled at 2025-11-04 09:04:12.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:04:12,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:04:12,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:04:12,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:42 GMT)" executed successfully gcworker stdout | 2025-11-04 09:04:13,396 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: servicekey stdout | 2025-11-04 09:04:14,043 [94] [DEBUG] [apscheduler.scheduler] Looking for jobs to run servicekey stdout | 2025-11-04 09:04:14,044 [94] [INFO] [apscheduler.executors.default] Running job "ServiceKeyWorker._refresh_service_key (trigger: interval[0:55:00], next run at: 2025-11-04 09:04:14 GMT)" (scheduled at 2025-11-04 09:04:14.043388+00:00) servicekey stdout | 2025-11-04 09:04:14,044 [94] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:59:14.043388+00:00 (in 3299.999011 seconds) servicekey stderr | /quay-registry/workers/servicekeyworker/servicekeyworker.py:33: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). servicekey stderr | new_expiration = datetime.utcnow() + expiration_time servicekey stdout | 2025-11-04 09:04:14,044 [94] [DEBUG] [__main__] Starting automatic refresh of service key YiE6OktEc2htH6elP7YMIQI6gj9pHo4SGNMs74O4g-0 to new expiration 2025-11-04 11:04:14.044605 servicekey stdout | 2025-11-04 09:04:14,045 [94] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."kid", "t1"."service", "t1"."jwk", "t1"."metadata", "t1"."created_date", "t1"."expiration_date", "t1"."rotation_duration", "t1"."approval_id" FROM "servicekey" AS "t1" LEFT OUTER JOIN "servicekeyapproval" AS "t2" ON ("t1"."approval_id" = "t2"."id") WHERE (("t1"."kid" = %s) AND (NOT ("t1"."expiration_date" <= %s) OR ("t1"."expiration_date" IS %s))) LIMIT %s OFFSET %s', ['YiE6OktEc2htH6elP7YMIQI6gj9pHo4SGNMs74O4g-0', datetime.datetime(2025, 10, 28, 9, 4, 14, 44916), None, 1, 0]) servicekey stdout | 2025-11-04 09:04:14,058 [94] [DEBUG] [peewee] ('UPDATE "servicekey" SET "name" = %s, "kid" = %s, "service" = %s, "jwk" = %s, "metadata" = %s, "created_date" = %s, "expiration_date" = %s, "rotation_duration" = %s, "approval_id" = %s WHERE ("servicekey"."id" = %s)', ['https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com:443', 'YiE6OktEc2htH6elP7YMIQI6gj9pHo4SGNMs74O4g-0', 'quay', '{"n": "lPL8TOsBFTqUHml6nOyhEfI8xsxDq2OHojKG8YItw_9CllMBPrrhD_VQCFCEZMoa_MN8fO5piMpzTZ9KN6ixjPiXsZHM9_fYf0LcmoOrtokInRW2zyNekYOAGD5GFTKOeiv8SFZPdmHVP4Gt3d2sRVTmPbbRxBl_I5QicFK1A801d5AKi-9qlgr9Yi5VH5rZ9glpYBlyf5MiiR8vLnTnKcbauF6DVN7XHaHB5ST3L44fxmjTPV0VjNmjWojwOoGErVfYdHKZYbmvh1uQtbwuHWwMdSNe1DhRasYItQKBXD8n6eyeHh0YvlOH27mok8wAR2TToZLGwOAv4Otd8QCkZQ", "e": "AQAB", "kty": "RSA", "kid": "YiE6OktEc2htH6elP7YMIQI6gj9pHo4SGNMs74O4g-0"}', '{"created_by": "CLI tool"}', datetime.datetime(2025, 11, 4, 9, 1, 30, 234961), datetime.datetime(2025, 11, 4, 11, 4, 14, 44605), None, 5, 5]) servicekey stdout | 2025-11-04 09:04:14,063 [94] [DEBUG] [__main__] Finished automatic refresh of service key YiE6OktEc2htH6elP7YMIQI6gj9pHo4SGNMs74O4g-0 with new expiration 2025-11-04 11:04:14.044605 servicekey stdout | 2025-11-04 09:04:14,063 [94] [DEBUG] [data.database] Disconnecting from database. servicekey stdout | 2025-11-04 09:04:14,063 [94] [INFO] [apscheduler.executors.default] Job "ServiceKeyWorker._refresh_service_key (trigger: interval[0:55:00], next run at: 2025-11-04 09:59:14 GMT)" executed successfully proxycacheblobworker stdout | 2025-11-04 09:04:14,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:04:14,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:24.140529+00:00 (in 9.999068 seconds) proxycacheblobworker stdout | 2025-11-04 09:04:14,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:24 GMT)" (scheduled at 2025-11-04 09:04:14.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:04:14,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:04:14,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 14, 141854), True, datetime.datetime(2025, 11, 4, 9, 4, 14, 141854), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:04:14,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:04:14,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:04:14,156 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:24 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:04:16,081 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: autopruneworker stdout | 2025-11-04 09:04:16,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:04:16,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:46.130127+00:00 (in 29.999602 seconds) autopruneworker stdout | 2025-11-04 09:04:16,130 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:46 GMT)" (scheduled at 2025-11-04 09:04:16.130127+00:00) autopruneworker stdout | 2025-11-04 09:04:16,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243456137, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:04:16,143 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:04:16,143 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:04:16,143 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:46 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:04:16,316 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:04:16,317 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:04:16,343 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:04:16,343 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:28.340417+00:00 (in 11.996646 seconds) exportactionlogsworker stdout | 2025-11-04 09:04:16,343 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:16 GMT)" (scheduled at 2025-11-04 09:04:16.343350+00:00) exportactionlogsworker stdout | 2025-11-04 09:04:16,344 [66] [DEBUG] [workers.queueworker] Running watchdog. exportactionlogsworker stdout | 2025-11-04 09:04:16,344 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:04:16,366 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:04:16,366 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:04:16,367 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:04:18,670 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:04:19,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:04:19,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:29.156372+00:00 (in 9.999541 seconds) notificationworker stdout | 2025-11-04 09:04:19,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:29 GMT)" (scheduled at 2025-11-04 09:04:19.156372+00:00) notificationworker stdout | 2025-11-04 09:04:19,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:04:19,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 19, 157319), True, datetime.datetime(2025, 11, 4, 9, 4, 19, 157319), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:04:19,172 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:04:19,172 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:04:19,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:29 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:04:19,245 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:04:19,245 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:20.247243+00:00 (in 1.001416 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:04:19,246 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:19 GMT)" (scheduled at 2025-11-04 09:04:19.245377+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:04:19,246 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."subject_backfilled" = %s) OR ("t1"."subject_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:04:19,258 [74] [DEBUG] [__main__] Manifest subject backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:04:19,258 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:04:19,258 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:19 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:04:19,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:04:19,637 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:49.635986+00:00 (in 29.999513 seconds) buildlogsarchiver stdout | 2025-11-04 09:04:19,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:49 GMT)" (scheduled at 2025-11-04 09:04:19.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:04:19,638 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 4, 19, 637545), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:04:19,651 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:04:19,651 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:04:19,651 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:49 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:04:20,247 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:04:20,248 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:19.245377+00:00 (in 58.997357 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:04:20,248 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:20 GMT)" (scheduled at 2025-11-04 09:04:20.247243+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:04:20,248 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."artifact_type_backfilled" = %s) OR ("t1"."artifact_type_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:04:20,260 [74] [DEBUG] [__main__] Manifest artifact_type backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:04:20,260 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:04:20,260 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:20 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:04:20,881 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: securityworker stdout | 2025-11-04 09:04:21,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:04:21,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:37.252445+00:00 (in 15.997251 seconds) securityworker stdout | 2025-11-04 09:04:21,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:51 GMT)" (scheduled at 2025-11-04 09:04:21.254713+00:00) securityworker stdout | 2025-11-04 09:04:21,256 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:04:21,256 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:04:21,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:04:21,263 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:21,276 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:21,276 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:21,276 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:04:21,276 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:21,277 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:04:21,282 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:21,283 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 21, 262811), 1, 49]) securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:21,288 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:21,289 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 59, 21, 262811), 1, 49]) securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:21,293 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:21,293 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:04:21,293 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:04:21,293 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:04:21,293 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:21,293 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:04:21,293 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:21,293 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:04:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:21,294 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:51 GMT)" executed successfully servicekey stdout | 2025-11-04 09:04:21,578 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:04:21,783 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:04:21,869 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:04:22,285 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:04:23,974 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:04:24,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:04:24,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:27.142482+00:00 (in 3.001465 seconds) proxycacheblobworker stdout | 2025-11-04 09:04:24,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:34 GMT)" (scheduled at 2025-11-04 09:04:24.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:04:24,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:04:24,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 24, 141369), True, datetime.datetime(2025, 11, 4, 9, 4, 24, 141369), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:04:24,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:04:24,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:04:24,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:34 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:04:24,516 [246] [DEBUG] [app] Starting request: urn:request:1457c070-8c10-4635-878a-307be241efcf (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:04:24,517 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:04:24,523 [257] [DEBUG] [app] Starting request: urn:request:50e6622f-6787-4e85-92a4-d7c635e351d4 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:04:24,524 [257] [DEBUG] [app] Ending request: urn:request:50e6622f-6787-4e85-92a4-d7c635e351d4 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:50e6622f-6787-4e85-92a4-d7c635e351d4', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:04:24,525 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:04:24,525 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:24,526 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:04:24,528 [246] [DEBUG] [app] Starting request: urn:request:94742907-eb3f-4fa5-ba0b-417d227e59c0 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:04:24,528 [246] [DEBUG] [app] Ending request: urn:request:94742907-eb3f-4fa5-ba0b-417d227e59c0 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:94742907-eb3f-4fa5-ba0b-417d227e59c0', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:04:24,529 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:04:24,529 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:24,529 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:04:24,529 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:04:24,529 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:04:24,537 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:04:24,537 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:04:24,546 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:04:24,549 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:04:24,552 [246] [DEBUG] [app] Ending request: urn:request:1457c070-8c10-4635-878a-307be241efcf (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:1457c070-8c10-4635-878a-307be241efcf', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:04:24,552 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:04:24,553 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:04:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:04:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.037 118 0.037) gunicorn-web stdout | 2025-11-04 09:04:24,586 [246] [DEBUG] [app] Starting request: urn:request:81a21132-9372-406c-a893-ac09b396b951 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:04:24,588 [257] [DEBUG] [app] Starting request: urn:request:6873b95c-e2c0-40a2-95ff-6209181a8f61 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:04:24,588 [257] [DEBUG] [app] Ending request: urn:request:6873b95c-e2c0-40a2-95ff-6209181a8f61 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:6873b95c-e2c0-40a2-95ff-6209181a8f61', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-registry stdout | 2025-11-04 09:04:24,588 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:24,588 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:24,589 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:04:24,590 [247] [DEBUG] [app] Starting request: urn:request:73f30a49-1c5d-499e-aebd-e19311e97476 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:04:24,591 [247] [DEBUG] [app] Ending request: urn:request:73f30a49-1c5d-499e-aebd-e19311e97476 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:73f30a49-1c5d-499e-aebd-e19311e97476', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:04:24,591 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:24,591 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:24,592 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:04:24,592 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:04:24,592 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:04:24,599 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:04:24,600 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:04:24,609 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:04:24,612 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:04:24,615 [246] [DEBUG] [app] Ending request: urn:request:81a21132-9372-406c-a893-ac09b396b951 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:81a21132-9372-406c-a893-ac09b396b951', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:04:24,615 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:04:24,616 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:04:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:04:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.029 118 0.029) globalpromstats stdout | 2025-11-04 09:04:25,571 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:04:25,781 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:04:25,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:04:25,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:34.952363+00:00 (in 8.995355 seconds) gcworker stdout | 2025-11-04 09:04:25,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:55 GMT)" (scheduled at 2025-11-04 09:04:25.956600+00:00) gcworker stdout | 2025-11-04 09:04:25,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:04:25,970 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246765969, None, 1, 0]) gcworker stdout | 2025-11-04 09:04:25,975 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:04:25,975 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:04:55 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:04:26,092 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:04:26,791 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:04:27,064 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:04:27,064 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:51.065407+00:00 (in 24.001001 seconds) repositorygcworker stdout | 2025-11-04 09:04:27,064 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:27 GMT)" (scheduled at 2025-11-04 09:04:27.063966+00:00) repositorygcworker stdout | 2025-11-04 09:04:27,064 [86] [DEBUG] [workers.queueworker] Getting work item from queue. repositorygcworker stdout | 2025-11-04 09:04:27,065 [86] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 27, 64719), True, datetime.datetime(2025, 11, 4, 9, 4, 27, 64719), 0, 'repositorygc/%', 50, 1, 0]) repositorygcworker stdout | 2025-11-04 09:04:27,082 [86] [DEBUG] [workers.queueworker] No more work. repositorygcworker stdout | 2025-11-04 09:04:27,082 [86] [DEBUG] [data.database] Disconnecting from database. repositorygcworker stdout | 2025-11-04 09:04:27,082 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:27 GMT)" executed successfully proxycacheblobworker stdout | 2025-11-04 09:04:27,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:04:27,142 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:34.140529+00:00 (in 6.997616 seconds) proxycacheblobworker stdout | 2025-11-04 09:04:27,143 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:27 GMT)" (scheduled at 2025-11-04 09:04:27.142482+00:00) proxycacheblobworker stdout | 2025-11-04 09:04:27,143 [79] [DEBUG] [workers.queueworker] Running watchdog. proxycacheblobworker stdout | 2025-11-04 09:04:27,143 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:27 GMT)" executed successfully queuecleanupworker stdout | 2025-11-04 09:04:27,285 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:04:27,478 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:04:27,684 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:04:27,745 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:04:27,745 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:27.745810+00:00 (in 0.000000 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:04:27,746 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:04:27,746 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:09:27 GMT)" (scheduled at 2025-11-04 09:04:27.745464+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:04:27,746 [87] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [False, datetime.datetime(2025, 11, 4, 9, 4, 27, 746434), 'secscanv4/%']) securityscanningnotificationworker stdout | 2025-11-04 09:04:27,747 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:27 GMT)" (scheduled at 2025-11-04 09:04:27.745810+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:04:27,747 [87] [DEBUG] [workers.queueworker] Running watchdog. securityscanningnotificationworker stdout | 2025-11-04 09:04:27,747 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:04:27 GMT)" executed successfully securityscanningnotificationworker stdout | 2025-11-04 09:04:27,747 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:10.743793+00:00 (in 42.996338 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:04:27,758 [87] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 4, 27, 746434), True, datetime.datetime(2025, 11, 4, 9, 4, 27, 746434), 0, 'secscanv4/%']) securityscanningnotificationworker stdout | 2025-11-04 09:04:27,762 [87] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) AND NOT ("t1"."queue_name" IN (SELECT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s)))))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 4, 27, 746434), True, datetime.datetime(2025, 11, 4, 9, 4, 27, 746434), 0, 'secscanv4/%', False, datetime.datetime(2025, 11, 4, 9, 4, 27, 746434), 'secscanv4/%']) securityscanningnotificationworker stdout | 2025-11-04 09:04:27,766 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:04:27,766 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:09:27 GMT)" executed successfully exportactionlogsworker stdout | 2025-11-04 09:04:28,340 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:04:28,340 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:16.343350+00:00 (in 48.002524 seconds) exportactionlogsworker stdout | 2025-11-04 09:04:28,340 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:28 GMT)" (scheduled at 2025-11-04 09:04:28.340417+00:00) exportactionlogsworker stdout | 2025-11-04 09:04:28,341 [66] [DEBUG] [workers.queueworker] Getting work item from queue. exportactionlogsworker stdout | 2025-11-04 09:04:28,341 [66] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 28, 341202), True, datetime.datetime(2025, 11, 4, 9, 4, 28, 341202), 0, 'exportactionlogs/%', 50, 1, 0]) exportactionlogsworker stdout | 2025-11-04 09:04:28,354 [66] [DEBUG] [workers.queueworker] No more work. exportactionlogsworker stdout | 2025-11-04 09:04:28,354 [66] [DEBUG] [data.database] Disconnecting from database. exportactionlogsworker stdout | 2025-11-04 09:04:28,354 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:28 GMT)" executed successfully expiredappspecifictokenworker stdout | 2025-11-04 09:04:28,371 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:04:29,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:04:29,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:29.157944+00:00 (in 0.001076 seconds) notificationworker stdout | 2025-11-04 09:04:29,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:39 GMT)" (scheduled at 2025-11-04 09:04:29.156372+00:00) notificationworker stdout | 2025-11-04 09:04:29,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:04:29,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 29, 157228), True, datetime.datetime(2025, 11, 4, 9, 4, 29, 157228), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:04:29,158 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:04:29,158 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:39.156372+00:00 (in 9.998128 seconds) notificationworker stdout | 2025-11-04 09:04:29,158 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:29 GMT)" (scheduled at 2025-11-04 09:04:29.157944+00:00) notificationworker stdout | 2025-11-04 09:04:29,158 [78] [DEBUG] [workers.queueworker] Running watchdog. notificationworker stdout | 2025-11-04 09:04:29,158 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:29 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:04:29,172 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:04:29,172 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:04:29,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:39 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:04:29,288 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:04:29,490 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:04:30,493 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:04:30,583 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:04:31,326 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:04:31,330 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:04:31,334 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:04:31,643 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:04:31,643 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:31.643382+00:00 (in 59.999536 seconds) quotaregistrysizeworker stdout | 2025-11-04 09:04:31,644 [82] [INFO] [apscheduler.executors.default] Running job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:31 GMT)" (scheduled at 2025-11-04 09:04:31.643382+00:00) quotaregistrysizeworker stdout | 2025-11-04 09:04:31,644 [82] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:04:31,656 [82] [DEBUG] [data.database] Disconnecting from database. quotaregistrysizeworker stdout | 2025-11-04 09:04:31,656 [82] [INFO] [apscheduler.executors.default] Job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:31 GMT)" executed successfully gunicorn-registry stdout | 2025-11-04 09:04:33,589 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:33,591 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:33,676 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:33,683 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:33,684 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:33,685 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:33,685 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:33,692 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:04:33,692 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:04:34,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:04:34,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:44.140529+00:00 (in 9.999097 seconds) proxycacheblobworker stdout | 2025-11-04 09:04:34,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:44 GMT)" (scheduled at 2025-11-04 09:04:34.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:04:34,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:04:34,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 34, 141791), True, datetime.datetime(2025, 11, 4, 9, 4, 34, 141791), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:04:34,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:04:34,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:04:34,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:44 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: gcworker stdout | 2025-11-04 09:04:34,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:04:34,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:55.956600+00:00 (in 21.003810 seconds) gcworker stdout | 2025-11-04 09:04:34,952 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:04 GMT)" (scheduled at 2025-11-04 09:04:34.952363+00:00) gcworker stdout | 2025-11-04 09:04:34,954 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037474953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:04:34,970 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:04:34,970 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:04:34,970 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:04 GMT)" executed successfully quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:04:37,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:04:37,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:51.254713+00:00 (in 14.001807 seconds) securityworker stdout | 2025-11-04 09:04:37,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:07 GMT)" (scheduled at 2025-11-04 09:04:37.252445+00:00) securityworker stdout | 2025-11-04 09:04:37,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:04:37,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:04:37,255 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:04:37,256 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:04:37,270 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stdout | 2025-11-04 09:04:37,270 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:07 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:04:37,447 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:04:37,447 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:07.444700+00:00 (in 29.997371 seconds) namespacegcworker stdout | 2025-11-04 09:04:37,447 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:37 GMT)" (scheduled at 2025-11-04 09:04:37.446883+00:00) namespacegcworker stdout | 2025-11-04 09:04:37,447 [76] [DEBUG] [workers.queueworker] Running watchdog. namespacegcworker stdout | 2025-11-04 09:04:37,447 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:37 GMT)" executed successfully securityworker stdout | 2025-11-04 09:04:37,598 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:04:37,787 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:04:39,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:04:39,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:49.156372+00:00 (in 9.999513 seconds) notificationworker stdout | 2025-11-04 09:04:39,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:49 GMT)" (scheduled at 2025-11-04 09:04:39.156372+00:00) notificationworker stdout | 2025-11-04 09:04:39,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:04:39,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 39, 157245), True, datetime.datetime(2025, 11, 4, 9, 4, 39, 157245), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:04:39,173 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:04:39,173 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:04:39,173 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:49 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:04:39,517 [246] [DEBUG] [app] Starting request: urn:request:a77b3d10-e51a-408d-86ae-27cb8c2fff51 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:04:39,518 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:04:39,520 [264] [DEBUG] [app] Starting request: urn:request:61ffaf96-45a9-4177-9a10-618897eb9c8f (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:04:39,520 [264] [DEBUG] [app] Ending request: urn:request:61ffaf96-45a9-4177-9a10-618897eb9c8f (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:61ffaf96-45a9-4177-9a10-618897eb9c8f', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:04:39,521 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:39,521 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:04:39,522 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:04:39,523 [248] [DEBUG] [app] Starting request: urn:request:3dc3207a-b120-46dc-85ae-0f50b701fdd9 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:04:39,524 [248] [DEBUG] [app] Ending request: urn:request:3dc3207a-b120-46dc-85ae-0f50b701fdd9 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:3dc3207a-b120-46dc-85ae-0f50b701fdd9', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:04:39,524 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:39,525 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.002) gunicorn-web stdout | 2025-11-04 09:04:39,525 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:04:39,525 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:04:39,525 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:04:39,532 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:04:39,532 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:04:39,543 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:04:39,546 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:04:39,550 [246] [DEBUG] [app] Ending request: urn:request:a77b3d10-e51a-408d-86ae-27cb8c2fff51 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:a77b3d10-e51a-408d-86ae-27cb8c2fff51', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:04:39,550 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:04:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.035 118 0.034) gunicorn-web stdout | 2025-11-04 09:04:39,551 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:04:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" gunicorn-web stdout | 2025-11-04 09:04:39,588 [246] [DEBUG] [app] Starting request: urn:request:88fd6497-6168-4ed9-8f30-5106e43b57fc (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:04:39,590 [257] [DEBUG] [app] Starting request: urn:request:9bf95d2c-f165-42a3-9383-fca3d171205a (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:04:39,590 [257] [DEBUG] [app] Ending request: urn:request:9bf95d2c-f165-42a3-9383-fca3d171205a (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:9bf95d2c-f165-42a3-9383-fca3d171205a', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:04:39,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:39,591 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:04:39,591 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:04:39,593 [249] [DEBUG] [app] Starting request: urn:request:c483c9ad-4c66-43ac-8c07-2b6ec3db3f82 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:04:39,594 [249] [DEBUG] [app] Ending request: urn:request:c483c9ad-4c66-43ac-8c07-2b6ec3db3f82 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:c483c9ad-4c66-43ac-8c07-2b6ec3db3f82', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:04:39,594 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:39,594 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:04:39,595 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:04:39,595 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:04:39,595 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:04:39,602 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:04:39,602 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:04:39,612 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:04:39,616 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:04:39,619 [246] [DEBUG] [app] Ending request: urn:request:88fd6497-6168-4ed9-8f30-5106e43b57fc (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:88fd6497-6168-4ed9-8f30-5106e43b57fc', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:04:39,619 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:04:39,620 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:04:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:04:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.033 118 0.033) autopruneworker stdout | 2025-11-04 09:04:40,909 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:04:42,099 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:04:42,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:04:42,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:12.952336+00:00 (in 29.999581 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:04:42,952 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:12 GMT)" (scheduled at 2025-11-04 09:04:42.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:04:42,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:04:42,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:04:42,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:12 GMT)" executed successfully gcworker stdout | 2025-11-04 09:04:43,410 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:04:44,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:04:44,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:54.140529+00:00 (in 9.999522 seconds) proxycacheblobworker stdout | 2025-11-04 09:04:44,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:54 GMT)" (scheduled at 2025-11-04 09:04:44.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:04:44,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:04:44,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 44, 141382), True, datetime.datetime(2025, 11, 4, 9, 4, 44, 141382), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:04:44,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:04:44,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:04:44,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:54 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:04:46,095 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: autopruneworker stdout | 2025-11-04 09:04:46,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:04:46,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:16.130127+00:00 (in 29.999200 seconds) autopruneworker stdout | 2025-11-04 09:04:46,131 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:16 GMT)" (scheduled at 2025-11-04 09:04:46.130127+00:00) autopruneworker stdout | 2025-11-04 09:04:46,139 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243486138, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:04:46,145 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:04:46,145 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:04:46,145 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:04:46,331 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:04:46,332 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:04:46,379 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:04:46,387 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:04:46,390 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:04:48,684 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:04:49,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:04:49,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:04:59.156372+00:00 (in 9.999519 seconds) notificationworker stdout | 2025-11-04 09:04:49,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:59 GMT)" (scheduled at 2025-11-04 09:04:49.156372+00:00) notificationworker stdout | 2025-11-04 09:04:49,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:04:49,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 49, 157264), True, datetime.datetime(2025, 11, 4, 9, 4, 49, 157264), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:04:49,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:04:49,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:04:49,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:04:59 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:04:49,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:04:49,637 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:19.635986+00:00 (in 29.998744 seconds) buildlogsarchiver stdout | 2025-11-04 09:04:49,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:19 GMT)" (scheduled at 2025-11-04 09:04:49.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:04:49,638 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 4, 49, 637550), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:04:49,650 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:04:49,650 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:04:49,650 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:19 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:04:50,894 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:04:51,065 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:04:51,065 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:27.063966+00:00 (in 35.998156 seconds) repositorygcworker stdout | 2025-11-04 09:04:51,065 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:51 GMT)" (scheduled at 2025-11-04 09:04:51.065407+00:00) repositorygcworker stdout | 2025-11-04 09:04:51,066 [86] [DEBUG] [workers.queueworker] Running watchdog. repositorygcworker stdout | 2025-11-04 09:04:51,066 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:05:51 GMT)" executed successfully securityworker stdout | 2025-11-04 09:04:51,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:04:51,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:07.252445+00:00 (in 15.997276 seconds) securityworker stdout | 2025-11-04 09:04:51,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:21 GMT)" (scheduled at 2025-11-04 09:04:51.254713+00:00) securityworker stdout | 2025-11-04 09:04:51,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:04:51,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:04:51,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:04:51,263 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:51,275 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:51,276 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:51,276 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:04:51,276 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:51,277 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:04:51,281 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:51,282 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 8, 59, 51, 263666), 1, 49]) securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:04:51,285 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:04:51,286 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 8, 59, 51, 263666), 1, 49]) securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:51,290 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:04:51,290 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:04:51,290 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:04:51,290 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:04:51,290 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:04:51,290 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:04:51,290 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:51,290 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:04:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:04:51,290 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:21 GMT)" executed successfully servicekey stdout | 2025-11-04 09:04:51,591 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:04:51,797 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:04:51,883 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:04:52,300 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:04:53,988 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:04:54,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:04:54,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:04.140529+00:00 (in 9.999520 seconds) proxycacheblobworker stdout | 2025-11-04 09:04:54,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:04 GMT)" (scheduled at 2025-11-04 09:04:54.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:04:54,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:04:54,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 54, 141411), True, datetime.datetime(2025, 11, 4, 9, 4, 54, 141411), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:04:54,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:04:54,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:04:54,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:04 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:04:54,516 [246] [DEBUG] [app] Starting request: urn:request:0683ae18-2aee-44a7-ba65-91ae80ed9114 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:04:54,517 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:04:54,519 [257] [DEBUG] [app] Starting request: urn:request:7ed6b115-2993-40a7-a12e-14b16bcffae9 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:04:54,519 [257] [DEBUG] [app] Ending request: urn:request:7ed6b115-2993-40a7-a12e-14b16bcffae9 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:7ed6b115-2993-40a7-a12e-14b16bcffae9', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-registry stdout | 2025-11-04 09:04:54,520 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:54,520 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:54,521 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:04:54,522 [246] [DEBUG] [app] Starting request: urn:request:4c77ff76-a60f-40a9-842c-a8b7dacab1a7 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:04:54,522 [246] [DEBUG] [app] Ending request: urn:request:4c77ff76-a60f-40a9-842c-a8b7dacab1a7 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:4c77ff76-a60f-40a9-842c-a8b7dacab1a7', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:04:54,522 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:04:54,523 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:54,523 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:04:54,523 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:04:54,523 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:04:54,531 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:04:54,532 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:04:54,540 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:04:54,544 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:04:54,547 [246] [DEBUG] [app] Ending request: urn:request:0683ae18-2aee-44a7-ba65-91ae80ed9114 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:0683ae18-2aee-44a7-ba65-91ae80ed9114', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:04:54,547 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:04:54,547 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:04:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:04:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) gunicorn-web stdout | 2025-11-04 09:04:54,587 [246] [DEBUG] [app] Starting request: urn:request:a84c4b0c-06a1-4a28-905e-bbe39516c091 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:04:54,588 [264] [DEBUG] [app] Starting request: urn:request:e637740f-f01b-4158-9b10-64f70e3e678a (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:04:54,589 [264] [DEBUG] [app] Ending request: urn:request:e637740f-f01b-4158-9b10-64f70e3e678a (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:e637740f-f01b-4158-9b10-64f70e3e678a', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:04:54,589 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.002) gunicorn-web stdout | 2025-11-04 09:04:54,589 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:54,590 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:04:54,591 [249] [DEBUG] [app] Starting request: urn:request:65ca31af-bd37-4e91-a245-06649184c23c (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:04:54,592 [249] [DEBUG] [app] Ending request: urn:request:65ca31af-bd37-4e91-a245-06649184c23c (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:65ca31af-bd37-4e91-a245-06649184c23c', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:04:54,592 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:04:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:04:54,592 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:04:54,592 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:04:54,593 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:04:54,593 [246] [INFO] [data.database] Connection pooling disabled for postgresql nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:04:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:04:54,600 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:04:54,600 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:04:54,609 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:04:54,612 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:04:54,615 [246] [DEBUG] [app] Ending request: urn:request:a84c4b0c-06a1-4a28-905e-bbe39516c091 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:a84c4b0c-06a1-4a28-905e-bbe39516c091', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:04:54,615 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:04:54,615 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:04:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:04:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.029 118 0.029) globalpromstats stdout | 2025-11-04 09:04:55,585 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:04:55,794 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:04:55,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:04:55,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:04.952363+00:00 (in 8.995343 seconds) gcworker stdout | 2025-11-04 09:04:55,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:25 GMT)" (scheduled at 2025-11-04 09:04:55.956600+00:00) gcworker stdout | 2025-11-04 09:04:55,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:04:55,969 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246795969, None, 1, 0]) gcworker stdout | 2025-11-04 09:04:55,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:04:55,973 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:25 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:04:56,106 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:04:56,804 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: queuecleanupworker stdout | 2025-11-04 09:04:57,298 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:04:57,492 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:04:57,698 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: expiredappspecifictokenworker stdout | 2025-11-04 09:04:58,384 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:04:59,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:04:59,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:05.157605+00:00 (in 6.000737 seconds) notificationworker stdout | 2025-11-04 09:04:59,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:09 GMT)" (scheduled at 2025-11-04 09:04:59.156372+00:00) notificationworker stdout | 2025-11-04 09:04:59,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:04:59,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 4, 59, 157199), True, datetime.datetime(2025, 11, 4, 9, 4, 59, 157199), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:04:59,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:04:59,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:04:59,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:09 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:04:59,301 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:04:59,504 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:05:00,507 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:05:00,596 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:05:01,340 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:05:01,345 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:05:01,349 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:03,603 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:03,605 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:03,699 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:03,700 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:03,703 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:03,706 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:03,706 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:03,712 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:03,713 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:05:04,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:05:04,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:14.140529+00:00 (in 9.999530 seconds) proxycacheblobworker stdout | 2025-11-04 09:05:04,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:14 GMT)" (scheduled at 2025-11-04 09:05:04.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:05:04,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:05:04,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 4, 141402), True, datetime.datetime(2025, 11, 4, 9, 5, 4, 141402), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:05:04,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:05:04,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:05:04,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:14 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: gcworker stdout | 2025-11-04 09:05:04,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:05:04,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:25.956600+00:00 (in 21.003723 seconds) gcworker stdout | 2025-11-04 09:05:04,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:34 GMT)" (scheduled at 2025-11-04 09:05:04.952363+00:00) gcworker stdout | 2025-11-04 09:05:04,953 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037504953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:05:04,969 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:05:04,969 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:05:04,969 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:34 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:05:05,157 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:05:05,158 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:09.156372+00:00 (in 3.998207 seconds) notificationworker stdout | 2025-11-04 09:05:05,158 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:10:05 GMT)" (scheduled at 2025-11-04 09:05:05.157605+00:00) notificationworker stdout | 2025-11-04 09:05:05,158 [78] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [False, datetime.datetime(2025, 11, 4, 9, 5, 5, 158475), 'notification/%']) notificationworker stdout | 2025-11-04 09:05:05,170 [78] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 5, 5, 158475), True, datetime.datetime(2025, 11, 4, 9, 5, 5, 158475), 0, 'notification/%']) notificationworker stdout | 2025-11-04 09:05:05,175 [78] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) AND NOT ("t1"."queue_name" IN (SELECT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s)))))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 5, 5, 158475), True, datetime.datetime(2025, 11, 4, 9, 5, 5, 158475), 0, 'notification/%', False, datetime.datetime(2025, 11, 4, 9, 5, 5, 158475), 'notification/%']) notificationworker stdout | 2025-11-04 09:05:05,179 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:05:05,179 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:10:05 GMT)" executed successfully quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:05:07,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:05:07,253 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:21.254713+00:00 (in 14.001682 seconds) securityworker stdout | 2025-11-04 09:05:07,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:37 GMT)" (scheduled at 2025-11-04 09:05:07.252445+00:00) securityworker stdout | 2025-11-04 09:05:07,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:05:07,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:05:07,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:05:07,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:05:07,269 [93] [DEBUG] [peewee] ('SELECT Min("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,272 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,272 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:07,272 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:05:07,272 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:05:07,273 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 35, 45]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:05:07,278 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:05:07,278 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stdout | 2025-11-04 09:05:07,278 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 35-45 securityworker stdout | 2025-11-04 09:05:07,278 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:05:07,278 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,278 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,278 [93] [DEBUG] [util.migrate.allocator] Left range 35-45 securityworker stdout | 2025-11-04 09:05:07,278 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 45-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 35-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Left range 35-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 45-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 45 securityworker stdout | 2025-11-04 09:05:07,278 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 45 securityworker stdout | 2025-11-04 09:05:07,279 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 45, 49]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 45-49 by worker securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 45-49 by worker securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 45-49 securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 35-45 securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Already merged with block 35-45 securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 35 securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Total range: 1-35 securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 45-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 35-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 35-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-35 securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-35 securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 25 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 25 securityworker stdout | 2025-11-04 09:05:07,282 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 12, 22]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:05:07,285 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:05:07,285 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stdout | 2025-11-04 09:05:07,286 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-22 securityworker stdout | 2025-11-04 09:05:07,286 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:05:07,286 [93] [DEBUG] [util.migrate.allocator] Total range: 1-35 securityworker stdout | 2025-11-04 09:05:07,286 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,286 [93] [DEBUG] [util.migrate.allocator] Right range 12-22 securityworker stdout | 2025-11-04 09:05:07,286 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-12 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-22 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 12-22 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-12 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 2 securityworker stdout | 2025-11-04 09:05:07,286 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 2 securityworker stdout | 2025-11-04 09:05:07,286 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 2, 12]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Merging with block 12-22 securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-22 securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Total range: 1-35 securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 12-22 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-22 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 2-22 securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Right range 2-22 securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:07,290 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 11]) securityworker stdout | 2025-11-04 09:05:07,293 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-22 securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 22 securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [util.migrate.allocator] Total range: 22-35 securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 22-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-22 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 22 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 22-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 22-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 25 securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 25 securityworker stdout | 2025-11-04 09:05:07,294 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 22, 32]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stdout | 2025-11-04 09:05:07,298 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stdout | 2025-11-04 09:05:07,298 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stdout | 2025-11-04 09:05:07,298 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 32 securityworker stdout | 2025-11-04 09:05:07,298 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:07,298 [93] [DEBUG] [util.migrate.allocator] Total range: 32-35 securityworker stdout | 2025-11-04 09:05:07,298 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:07,298 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 32-35 securityworker stdout | 2025-11-04 09:05:07,298 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 32 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 32 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 32-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 32-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 32 securityworker stdout | 2025-11-04 09:05:07,299 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 32, 42]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 32 securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 42 securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] Total range: 42-32 securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 32 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 42-32 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:05:07,302 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:05:07,303 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 24, 34]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 24-34 by worker securityworker stdout | 2025-11-04 09:05:07,306 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 24-34 by worker securityworker stdout | 2025-11-04 09:05:07,306 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 24-34 securityworker stdout | 2025-11-04 09:05:07,306 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 24-34 securityworker stdout | 2025-11-04 09:05:07,306 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:05:07,306 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,306 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,306 [93] [DEBUG] [util.migrate.allocator] Right range 24-34 securityworker stdout | 2025-11-04 09:05:07,306 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-24 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 24-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 24-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 24-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-24 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 14 securityworker stdout | 2025-11-04 09:05:07,306 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 14 securityworker stdout | 2025-11-04 09:05:07,307 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 13, 23]) securityworker stdout | 2025-11-04 09:05:07,310 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 13-23 by worker securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 13-23 by worker securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 13-23 securityworker stdout | 2025-11-04 09:05:07,311 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 13-23 securityworker stdout | 2025-11-04 09:05:07,311 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 13-23 securityworker stdout | 2025-11-04 09:05:07,311 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:05:07,311 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,311 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:05:07,311 [93] [DEBUG] [util.migrate.allocator] Left range 13-23 securityworker stdout | 2025-11-04 09:05:07,311 [93] [DEBUG] [util.migrate.allocator] Right range 24-34 securityworker stdout | 2025-11-04 09:05:07,311 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 23-24 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 13-23 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Left range 13-23 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 24-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 23-24 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 23 securityworker stdout | 2025-11-04 09:05:07,311 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 23 securityworker stdout | 2025-11-04 09:05:07,312 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 23, 33]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 23-33 by worker securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 23-33 by worker securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 23-33 securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 13-23 securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Already merged with block 13-23 securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Merging with block 24-34 securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 13-34 securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 23-33 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 13-23 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 13-23 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 24-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 13-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Left range 13-34 securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 34-49 securityworker stdout | 2025-11-04 09:05:07,315 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Left range 13-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 34-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:05:07,316 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 35, 45]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 35-45 securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] Left range 13-34 securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] Right range 35-45 securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 34-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 35-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Left range 13-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 35-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 34-35 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 34 securityworker stdout | 2025-11-04 09:05:07,319 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 34 securityworker stdout | 2025-11-04 09:05:07,320 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 34, 44]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 34-44 by worker securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 34-44 by worker securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 34-44 securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 13-34 securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] Already merged with block 13-34 securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] Merging with block 35-45 securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 13-45 securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 34-44 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 13-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 13-34 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 35-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 13-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,323 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,324 [93] [DEBUG] [util.migrate.allocator] Right range 13-45 securityworker stdout | 2025-11-04 09:05:07,324 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-13 securityworker stdout | 2025-11-04 09:05:07,324 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 3 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 13-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-13 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 3 securityworker stdout | 2025-11-04 09:05:07,324 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 2, 12]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:05:07,327 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:05:07,327 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stdout | 2025-11-04 09:05:07,327 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stdout | 2025-11-04 09:05:07,327 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:05:07,327 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,327 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:05:07,327 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stdout | 2025-11-04 09:05:07,327 [93] [DEBUG] [util.migrate.allocator] Right range 13-45 securityworker stdout | 2025-11-04 09:05:07,328 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-13 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 13-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-13 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stdout | 2025-11-04 09:05:07,328 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stdout | 2025-11-04 09:05:07,328 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 12, 22]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Merging with block 13-45 securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-45 securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 13-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Right range 2-45 securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:05:07,331 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 2-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:07,332 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 1, 11]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:05:07,335 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:05:07,336 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:05:07,336 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-45 securityworker stdout | 2025-11-04 09:05:07,336 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 45 securityworker stdout | 2025-11-04 09:05:07,336 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:05:07,336 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:07,336 [93] [DEBUG] [util.migrate.allocator] Total range: 45-49 securityworker stdout | 2025-11-04 09:05:07,336 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 45-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 45-49 securityworker stdout | 2025-11-04 09:05:07,336 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 45-49 securityworker stdout | 2025-11-04 09:05:07,336 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 45 securityworker stdout | 2025-11-04 09:05:07,337 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 45, 49]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 45-49 by worker securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 45-49 by worker securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 45-49 securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 45 securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] Total range: 49-45 securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 45-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 49-45 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:05:07,340 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:05:07,341 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 17, 27]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 17-27 by worker securityworker stdout | 2025-11-04 09:05:07,345 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 17-27 by worker securityworker stdout | 2025-11-04 09:05:07,345 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 17-27 securityworker stdout | 2025-11-04 09:05:07,345 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-27 securityworker stdout | 2025-11-04 09:05:07,345 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:05:07,345 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,345 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,345 [93] [DEBUG] [util.migrate.allocator] Left range 17-27 securityworker stdout | 2025-11-04 09:05:07,345 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-49 securityworker stdout | 2025-11-04 09:05:07,345 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 17-27 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-27 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Left range 17-27 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:05:07,346 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 32, 42]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:05:07,350 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:05:07,350 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stdout | 2025-11-04 09:05:07,350 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 32-42 securityworker stdout | 2025-11-04 09:05:07,350 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:05:07,350 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,350 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stdout | 2025-11-04 09:05:07,350 [93] [DEBUG] [util.migrate.allocator] Right range 17-27 securityworker stdout | 2025-11-04 09:05:07,350 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-17 securityworker stdout | 2025-11-04 09:05:07,350 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 7 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 32-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 17-27 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-17 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 7 securityworker stdout | 2025-11-04 09:05:07,351 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 6, 16]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 6-16 by worker securityworker stdout | 2025-11-04 09:05:07,354 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 6-16 by worker securityworker stdout | 2025-11-04 09:05:07,354 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 6-16 securityworker stdout | 2025-11-04 09:05:07,354 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 6-16 securityworker stdout | 2025-11-04 09:05:07,354 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stdout | 2025-11-04 09:05:07,354 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,354 [93] [DEBUG] [util.migrate.allocator] Selected random hole 3 with 4 total holes securityworker stdout | 2025-11-04 09:05:07,354 [93] [DEBUG] [util.migrate.allocator] Left range 17-27 securityworker stdout | 2025-11-04 09:05:07,355 [93] [DEBUG] [util.migrate.allocator] Right range 32-42 securityworker stdout | 2025-11-04 09:05:07,355 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-32 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 6-16 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 6-16 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 3 with 4 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Left range 17-27 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 32-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-32 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 27 securityworker stdout | 2025-11-04 09:05:07,355 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 27 securityworker stdout | 2025-11-04 09:05:07,355 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 27, 37]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 27-37 by worker securityworker stdout | 2025-11-04 09:05:07,358 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 27-37 by worker securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 27-37 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 17-27 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Already merged with block 17-27 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Merging with block 32-42 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 27-37 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 17-27 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 17-27 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 32-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-42 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-42 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Left range 6-16 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Right range 17-42 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 16-17 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Left range 6-16 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Right range 17-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 16-17 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 16 securityworker stdout | 2025-11-04 09:05:07,359 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 16 securityworker stdout | 2025-11-04 09:05:07,360 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 16, 26]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 16-26 by worker securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 16-26 by worker securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 16-26 securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 6-16 securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Already merged with block 6-16 securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Merging with block 17-42 securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 6-42 securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 16-26 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 6-16 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 6-16 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 17-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 6-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Left range 6-42 securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 42-49 securityworker stdout | 2025-11-04 09:05:07,363 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Left range 6-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 42-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 42 securityworker stdout | 2025-11-04 09:05:07,364 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 42, 49]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 42-49 by worker securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 42-49 by worker securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 42-49 securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 6-42 securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Already merged with block 6-42 securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 6 securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Total range: 1-6 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 42-49 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 6-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 6-42 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 6 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-6 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-6 securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-6 securityworker stdout | 2025-11-04 09:05:07,369 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:07,370 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 0, 7, 257195), 1, 11]) securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:05:07,373 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:05:07,373 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:05:07,373 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:05:07,373 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:05:07,373 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:07,373 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stdout | 2025-11-04 09:05:07,373 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:07,373 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stderr | 2025-11-04 09:05:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:07,374 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:37 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:05:07,444 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:05:07,445 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:37.446883+00:00 (in 30.001706 seconds) namespacegcworker stdout | 2025-11-04 09:05:07,445 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:07 GMT)" (scheduled at 2025-11-04 09:05:07.444700+00:00) namespacegcworker stdout | 2025-11-04 09:05:07,445 [76] [DEBUG] [workers.queueworker] Getting work item from queue. namespacegcworker stdout | 2025-11-04 09:05:07,447 [76] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 7, 445516), True, datetime.datetime(2025, 11, 4, 9, 5, 7, 445516), 0, 'namespacegc/%', 50, 1, 0]) namespacegcworker stdout | 2025-11-04 09:05:07,459 [76] [DEBUG] [workers.queueworker] No more work. namespacegcworker stdout | 2025-11-04 09:05:07,459 [76] [DEBUG] [data.database] Disconnecting from database. namespacegcworker stdout | 2025-11-04 09:05:07,459 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:07 GMT)" executed successfully securityworker stdout | 2025-11-04 09:05:07,611 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:05:07,800 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:05:09,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:05:09,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:19.156372+00:00 (in 9.999503 seconds) notificationworker stdout | 2025-11-04 09:05:09,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:19 GMT)" (scheduled at 2025-11-04 09:05:09.156372+00:00) notificationworker stdout | 2025-11-04 09:05:09,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:05:09,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 9, 157346), True, datetime.datetime(2025, 11, 4, 9, 5, 9, 157346), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:05:09,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:05:09,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:05:09,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:19 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:05:09,517 [246] [DEBUG] [app] Starting request: urn:request:9a535896-48c2-496f-9768-14fb2b759a2a (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:05:09,518 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:05:09,521 [257] [DEBUG] [app] Starting request: urn:request:b0ccf5e9-a2c7-468f-a74d-c10e6edd6697 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:05:09,521 [257] [DEBUG] [app] Ending request: urn:request:b0ccf5e9-a2c7-468f-a74d-c10e6edd6697 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:b0ccf5e9-a2c7-468f-a74d-c10e6edd6697', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:05:09,521 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:05:09,523 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:09,524 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:05:09,526 [248] [DEBUG] [app] Starting request: urn:request:6101f54f-ecea-4805-a8ce-e3b09c0130d6 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:05:09,527 [248] [DEBUG] [app] Ending request: urn:request:6101f54f-ecea-4805-a8ce-e3b09c0130d6 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:6101f54f-ecea-4805-a8ce-e3b09c0130d6', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:05:09,527 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.002) gunicorn-web stdout | 2025-11-04 09:05:09,527 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:09,528 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:05:09,528 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:05:09,528 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:05:09,535 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:05:09,535 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:05:09,545 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:05:09,548 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:05:09,551 [246] [DEBUG] [app] Ending request: urn:request:9a535896-48c2-496f-9768-14fb2b759a2a (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:9a535896-48c2-496f-9768-14fb2b759a2a', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:05:09,552 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:05:09,552 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:05:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:05:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.036 118 0.036) gunicorn-web stdout | 2025-11-04 09:05:09,587 [246] [DEBUG] [app] Starting request: urn:request:7211bd8e-7925-49b3-8c62-e272025e7f4e (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:05:09,589 [257] [DEBUG] [app] Starting request: urn:request:da4888eb-d5d2-42a2-988f-f521069c6e19 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:05:09,589 [257] [DEBUG] [app] Ending request: urn:request:da4888eb-d5d2-42a2-988f-f521069c6e19 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:da4888eb-d5d2-42a2-988f-f521069c6e19', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:05:09,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:05:09,590 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.001) gunicorn-web stdout | 2025-11-04 09:05:09,591 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:05:09,592 [249] [DEBUG] [app] Starting request: urn:request:08d4222a-060a-478b-bceb-e19a94013a20 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:05:09,593 [249] [DEBUG] [app] Ending request: urn:request:08d4222a-060a-478b-bceb-e19a94013a20 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:08d4222a-060a-478b-bceb-e19a94013a20', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.002) gunicorn-web stdout | 2025-11-04 09:05:09,593 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:05:09,593 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:09,593 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:05:09,593 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:05:09,594 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:05:09,601 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:05:09,601 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:05:09,610 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:05:09,614 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:05:09,617 [246] [DEBUG] [app] Ending request: urn:request:7211bd8e-7925-49b3-8c62-e272025e7f4e (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:7211bd8e-7925-49b3-8c62-e272025e7f4e', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:05:09,617 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:05:09,618 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:05:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:05:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) securityscanningnotificationworker stdout | 2025-11-04 09:05:10,744 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:05:10,744 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:27.745810+00:00 (in 17.001518 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:05:10,744 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:10 GMT)" (scheduled at 2025-11-04 09:05:10.743793+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:05:10,744 [87] [DEBUG] [workers.queueworker] Getting work item from queue. securityscanningnotificationworker stdout | 2025-11-04 09:05:10,745 [87] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 10, 744640), True, datetime.datetime(2025, 11, 4, 9, 5, 10, 744640), 0, 'secscanv4/%', 50, 1, 0]) securityscanningnotificationworker stdout | 2025-11-04 09:05:10,758 [87] [DEBUG] [workers.queueworker] No more work. securityscanningnotificationworker stdout | 2025-11-04 09:05:10,758 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:05:10,758 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:10 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:05:10,922 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:05:12,112 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:05:12,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:05:12,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:42.952336+00:00 (in 29.999567 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:05:12,952 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:42 GMT)" (scheduled at 2025-11-04 09:05:12.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:05:12,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:05:12,955 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:05:12,955 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:42 GMT)" executed successfully gcworker stdout | 2025-11-04 09:05:13,425 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:05:14,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:05:14,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:24.140529+00:00 (in 9.999489 seconds) proxycacheblobworker stdout | 2025-11-04 09:05:14,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:24 GMT)" (scheduled at 2025-11-04 09:05:14.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:05:14,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:05:14,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 14, 141464), True, datetime.datetime(2025, 11, 4, 9, 5, 14, 141464), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:05:14,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:05:14,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:05:14,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:24 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:05:16,108 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: autopruneworker stdout | 2025-11-04 09:05:16,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:05:16,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:46.130127+00:00 (in 29.999567 seconds) autopruneworker stdout | 2025-11-04 09:05:16,130 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:46 GMT)" (scheduled at 2025-11-04 09:05:16.130127+00:00) autopruneworker stdout | 2025-11-04 09:05:16,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243516138, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:05:16,143 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:05:16,143 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:05:16,143 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:46 GMT)" executed successfully exportactionlogsworker stdout | 2025-11-04 09:05:16,343 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:05:16,343 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:28.340417+00:00 (in 11.996613 seconds) exportactionlogsworker stdout | 2025-11-04 09:05:16,343 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:16 GMT)" (scheduled at 2025-11-04 09:05:16.343350+00:00) exportactionlogsworker stdout | 2025-11-04 09:05:16,344 [66] [DEBUG] [workers.queueworker] Running watchdog. exportactionlogsworker stdout | 2025-11-04 09:05:16,344 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:05:16,354 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:05:16,354 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:05:16,394 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:05:16,402 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:05:16,405 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:05:18,698 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:05:19,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:05:19,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:29.156372+00:00 (in 9.999545 seconds) notificationworker stdout | 2025-11-04 09:05:19,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:29 GMT)" (scheduled at 2025-11-04 09:05:19.156372+00:00) notificationworker stdout | 2025-11-04 09:05:19,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:05:19,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 19, 157249), True, datetime.datetime(2025, 11, 4, 9, 5, 19, 157249), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:05:19,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:05:19,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:05:19,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:29 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:05:19,245 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:05:19,245 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:20.247243+00:00 (in 1.001429 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:05:19,246 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:19 GMT)" (scheduled at 2025-11-04 09:05:19.245377+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:05:19,246 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."subject_backfilled" = %s) OR ("t1"."subject_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:05:19,258 [74] [DEBUG] [__main__] Manifest subject backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:05:19,258 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:05:19,259 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:19 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:05:19,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:05:19,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:49.635986+00:00 (in 29.999520 seconds) buildlogsarchiver stdout | 2025-11-04 09:05:19,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:49 GMT)" (scheduled at 2025-11-04 09:05:19.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:05:19,638 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 5, 19, 637555), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:05:19,649 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:05:19,649 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:05:19,650 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:49 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:05:20,247 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:05:20,248 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:19.245377+00:00 (in 58.997235 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:05:20,248 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:20 GMT)" (scheduled at 2025-11-04 09:05:20.247243+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:05:20,248 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."artifact_type_backfilled" = %s) OR ("t1"."artifact_type_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:05:20,263 [74] [DEBUG] [__main__] Manifest artifact_type backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:05:20,263 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:05:20,263 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:20 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:05:20,908 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: securityworker stdout | 2025-11-04 09:05:21,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:05:21,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:37.252445+00:00 (in 15.997220 seconds) securityworker stdout | 2025-11-04 09:05:21,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:51 GMT)" (scheduled at 2025-11-04 09:05:21.254713+00:00) securityworker stdout | 2025-11-04 09:05:21,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:05:21,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:05:21,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:05:21,262 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:21,274 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:21,274 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:21,274 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:05:21,274 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:21,275 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:05:21,279 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:21,280 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 21, 262317), 1, 49]) securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:21,284 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:21,285 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 0, 21, 262317), 1, 49]) securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:21,289 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:21,289 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:05:21,289 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:05:21,289 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:05:21,289 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:21,289 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:05:21,289 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:21,289 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:05:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:21,289 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:51 GMT)" executed successfully servicekey stdout | 2025-11-04 09:05:21,605 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:05:21,811 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:05:21,897 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:05:22,314 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:05:24,001 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:05:24,141 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:05:24,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:27.142482+00:00 (in 3.001015 seconds) proxycacheblobworker stdout | 2025-11-04 09:05:24,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:34 GMT)" (scheduled at 2025-11-04 09:05:24.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:05:24,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:05:24,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 24, 141847), True, datetime.datetime(2025, 11, 4, 9, 5, 24, 141847), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:05:24,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:05:24,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:05:24,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:34 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:05:24,516 [246] [DEBUG] [app] Starting request: urn:request:c021fd4a-4817-4db4-b0b1-2d77f35529a5 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:05:24,518 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:05:24,519 [257] [DEBUG] [app] Starting request: urn:request:bded61a4-1dc3-4004-86c8-47da093fa61f (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:05:24,520 [257] [DEBUG] [app] Ending request: urn:request:bded61a4-1dc3-4004-86c8-47da093fa61f (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:bded61a4-1dc3-4004-86c8-47da093fa61f', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-registry stdout | 2025-11-04 09:05:24,520 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:05:24,520 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:24,521 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:05:24,523 [246] [DEBUG] [app] Starting request: urn:request:87c883f2-99f9-4eab-959f-e43d817ef657 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:05:24,523 [246] [DEBUG] [app] Ending request: urn:request:87c883f2-99f9-4eab-959f-e43d817ef657 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:87c883f2-99f9-4eab-959f-e43d817ef657', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:05:24,523 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:05:24,523 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:24,524 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:05:24,524 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:05:24,524 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:05:24,531 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:05:24,532 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:05:24,541 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:05:24,545 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:05:24,548 [246] [DEBUG] [app] Ending request: urn:request:c021fd4a-4817-4db4-b0b1-2d77f35529a5 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:c021fd4a-4817-4db4-b0b1-2d77f35529a5', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:05:24,548 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:05:24,549 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:05:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:05:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.033 118 0.033) gunicorn-web stdout | 2025-11-04 09:05:24,587 [246] [DEBUG] [app] Starting request: urn:request:f96d5902-4b93-44bb-ada2-391a4f4dcbd2 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:05:24,589 [257] [DEBUG] [app] Starting request: urn:request:e5f41b2f-a223-444c-bf0a-4d925e97e5e7 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:05:24,589 [257] [DEBUG] [app] Ending request: urn:request:e5f41b2f-a223-444c-bf0a-4d925e97e5e7 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:e5f41b2f-a223-444c-bf0a-4d925e97e5e7', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:05:24,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:05:24,590 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.001) gunicorn-web stdout | 2025-11-04 09:05:24,591 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:05:24,592 [247] [DEBUG] [app] Starting request: urn:request:51dfa6d2-66bf-4e78-89fa-917fc4c88c15 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:05:24,592 [247] [DEBUG] [app] Ending request: urn:request:51dfa6d2-66bf-4e78-89fa-917fc4c88c15 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:51dfa6d2-66bf-4e78-89fa-917fc4c88c15', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:05:24,593 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:05:24,595 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:24,595 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:05:24,595 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:05:24,595 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:05:24,603 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:05:24,603 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:05:24,613 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:05:24,616 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:05:24,619 [246] [DEBUG] [app] Ending request: urn:request:f96d5902-4b93-44bb-ada2-391a4f4dcbd2 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:f96d5902-4b93-44bb-ada2-391a4f4dcbd2', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:05:24,620 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:05:24,620 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:05:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:05:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.033 118 0.033) globalpromstats stdout | 2025-11-04 09:05:25,599 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:05:25,808 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:05:25,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:05:25,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:34.952363+00:00 (in 8.995317 seconds) gcworker stdout | 2025-11-04 09:05:25,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:55 GMT)" (scheduled at 2025-11-04 09:05:25.956600+00:00) gcworker stdout | 2025-11-04 09:05:25,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:05:25,969 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246825969, None, 1, 0]) gcworker stdout | 2025-11-04 09:05:25,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:05:25,973 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:05:55 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:05:26,119 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:05:26,818 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:05:27,064 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:05:27,064 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:51.065407+00:00 (in 24.001008 seconds) repositorygcworker stdout | 2025-11-04 09:05:27,064 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:27 GMT)" (scheduled at 2025-11-04 09:05:27.063966+00:00) repositorygcworker stdout | 2025-11-04 09:05:27,064 [86] [DEBUG] [workers.queueworker] Getting work item from queue. repositorygcworker stdout | 2025-11-04 09:05:27,065 [86] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 27, 64750), True, datetime.datetime(2025, 11, 4, 9, 5, 27, 64750), 0, 'repositorygc/%', 50, 1, 0]) repositorygcworker stdout | 2025-11-04 09:05:27,078 [86] [DEBUG] [workers.queueworker] No more work. repositorygcworker stdout | 2025-11-04 09:05:27,078 [86] [DEBUG] [data.database] Disconnecting from database. repositorygcworker stdout | 2025-11-04 09:05:27,079 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:27 GMT)" executed successfully proxycacheblobworker stdout | 2025-11-04 09:05:27,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:05:27,143 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:34.140529+00:00 (in 6.997530 seconds) proxycacheblobworker stdout | 2025-11-04 09:05:27,143 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:27 GMT)" (scheduled at 2025-11-04 09:05:27.142482+00:00) proxycacheblobworker stdout | 2025-11-04 09:05:27,143 [79] [DEBUG] [workers.queueworker] Running watchdog. proxycacheblobworker stdout | 2025-11-04 09:05:27,143 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:27 GMT)" executed successfully queuecleanupworker stdout | 2025-11-04 09:05:27,316 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:05:27,506 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:05:27,713 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:05:27,746 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:05:27,746 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:10.743793+00:00 (in 42.997511 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:05:27,746 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:27 GMT)" (scheduled at 2025-11-04 09:05:27.745810+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:05:27,746 [87] [DEBUG] [workers.queueworker] Running watchdog. securityscanningnotificationworker stdout | 2025-11-04 09:05:27,746 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:27 GMT)" executed successfully exportactionlogsworker stdout | 2025-11-04 09:05:28,340 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:05:28,340 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:16.343350+00:00 (in 48.002489 seconds) exportactionlogsworker stdout | 2025-11-04 09:05:28,341 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:28 GMT)" (scheduled at 2025-11-04 09:05:28.340417+00:00) exportactionlogsworker stdout | 2025-11-04 09:05:28,341 [66] [DEBUG] [workers.queueworker] Getting work item from queue. exportactionlogsworker stdout | 2025-11-04 09:05:28,341 [66] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 28, 341226), True, datetime.datetime(2025, 11, 4, 9, 5, 28, 341226), 0, 'exportactionlogs/%', 50, 1, 0]) exportactionlogsworker stdout | 2025-11-04 09:05:28,354 [66] [DEBUG] [workers.queueworker] No more work. exportactionlogsworker stdout | 2025-11-04 09:05:28,354 [66] [DEBUG] [data.database] Disconnecting from database. exportactionlogsworker stdout | 2025-11-04 09:05:28,354 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:28 GMT)" executed successfully expiredappspecifictokenworker stdout | 2025-11-04 09:05:28,398 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:05:29,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:05:29,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:29.157944+00:00 (in 0.001109 seconds) notificationworker stdout | 2025-11-04 09:05:29,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:39 GMT)" (scheduled at 2025-11-04 09:05:29.156372+00:00) notificationworker stdout | 2025-11-04 09:05:29,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:05:29,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 29, 157237), True, datetime.datetime(2025, 11, 4, 9, 5, 29, 157237), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:05:29,158 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:05:29,158 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:39.156372+00:00 (in 9.997978 seconds) notificationworker stdout | 2025-11-04 09:05:29,158 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:29 GMT)" (scheduled at 2025-11-04 09:05:29.157944+00:00) notificationworker stdout | 2025-11-04 09:05:29,158 [78] [DEBUG] [workers.queueworker] Running watchdog. notificationworker stdout | 2025-11-04 09:05:29,158 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:29 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:05:29,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:05:29,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:05:29,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:39 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:05:29,314 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:05:29,517 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:05:30,521 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:05:30,612 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:05:31,359 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:05:31,363 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:05:31,367 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:05:31,643 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:05:31,643 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:31.643382+00:00 (in 59.999532 seconds) quotaregistrysizeworker stdout | 2025-11-04 09:05:31,644 [82] [INFO] [apscheduler.executors.default] Running job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:31 GMT)" (scheduled at 2025-11-04 09:05:31.643382+00:00) quotaregistrysizeworker stdout | 2025-11-04 09:05:31,644 [82] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:05:31,656 [82] [DEBUG] [data.database] Disconnecting from database. quotaregistrysizeworker stdout | 2025-11-04 09:05:31,656 [82] [INFO] [apscheduler.executors.default] Job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:31 GMT)" executed successfully gunicorn-registry stdout | 2025-11-04 09:05:33,622 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:33,625 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:33,717 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:33,722 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:33,726 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:33,727 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:33,727 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:33,731 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:05:33,734 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:05:34,141 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:05:34,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:44.140529+00:00 (in 9.998843 seconds) proxycacheblobworker stdout | 2025-11-04 09:05:34,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:44 GMT)" (scheduled at 2025-11-04 09:05:34.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:05:34,142 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:05:34,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 34, 142099), True, datetime.datetime(2025, 11, 4, 9, 5, 34, 142099), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:05:34,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:05:34,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:05:34,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:44 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: gcworker stdout | 2025-11-04 09:05:34,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:05:34,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:55.956600+00:00 (in 21.003785 seconds) gcworker stdout | 2025-11-04 09:05:34,952 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:04 GMT)" (scheduled at 2025-11-04 09:05:34.952363+00:00) gcworker stdout | 2025-11-04 09:05:34,953 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037534953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:05:34,967 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:05:34,967 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:05:34,967 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:04 GMT)" executed successfully quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:05:36,144 [73] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestbackfillworker stdout | 2025-11-04 09:05:36,144 [73] [INFO] [apscheduler.executors.default] Running job "ManifestBackfillWorker._backfill_manifests (trigger: interval[1:00:00], next run at: 2025-11-04 09:05:36 GMT)" (scheduled at 2025-11-04 09:05:36.143380+00:00) manifestbackfillworker stdout | 2025-11-04 09:05:36,145 [73] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."layers_compressed_size" IS %s) LIMIT %s OFFSET %s', [None, 1, 0]) manifestbackfillworker stdout | 2025-11-04 09:05:36,145 [73] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 10:05:36.143380+00:00 (in 3599.997584 seconds) manifestbackfillworker stdout | 2025-11-04 09:05:36,156 [73] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Total range: 1-49 manifestbackfillworker stdout | 2025-11-04 09:05:36,159 [73] [DEBUG] [util.migrate.allocator] Total range: 1-49 manifestbackfillworker stdout | 2025-11-04 09:05:36,160 [73] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes manifestbackfillworker stdout | 2025-11-04 09:05:36,160 [73] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Rand max bound: 1 manifestbackfillworker stdout | 2025-11-04 09:05:36,160 [73] [DEBUG] [util.migrate.allocator] Rand max bound: 1 manifestbackfillworker stdout | 2025-11-04 09:05:36,160 [73] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ((("t1"."layers_compressed_size" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Found 3 candidates, processing block start: 1 end: 49 by worker manifestbackfillworker stdout | 2025-11-04 09:05:36,164 [73] [DEBUG] [util.migrate.allocator] Found 3 candidates, processing block start: 1 end: 49 by worker manifestbackfillworker stdout | 2025-11-04 09:05:36,164 [73] [DEBUG] [__main__] Setting layers compressed size for manifest 18 manifestbackfillworker stdout | 2025-11-04 09:05:36,165 [73] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "mediatype" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [18, 1, 0]) manifestbackfillworker stdout | 2025-11-04 09:05:36,173 [73] [DEBUG] [peewee] ('UPDATE "manifest" SET "config_media_type" = %s, "layers_compressed_size" = %s WHERE (("manifest"."id" = %s) AND ("manifest"."layers_compressed_size" IS %s))', [None, 0, 18, None]) manifestbackfillworker stdout | 2025-11-04 09:05:36,178 [73] [DEBUG] [__main__] Setting layers compressed size for manifest 41 manifestbackfillworker stdout | 2025-11-04 09:05:36,178 [73] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "mediatype" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [16, 1, 0]) manifestbackfillworker stdout | 2025-11-04 09:05:36,183 [73] [DEBUG] [peewee] ('UPDATE "manifest" SET "config_media_type" = %s, "layers_compressed_size" = %s WHERE (("manifest"."id" = %s) AND ("manifest"."layers_compressed_size" IS %s))', [None, 0, 41, None]) manifestbackfillworker stdout | 2025-11-04 09:05:36,187 [73] [DEBUG] [__main__] Setting layers compressed size for manifest 48 manifestbackfillworker stdout | 2025-11-04 09:05:36,187 [73] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "mediatype" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [16, 1, 0]) manifestbackfillworker stdout | 2025-11-04 09:05:36,191 [73] [DEBUG] [peewee] ('UPDATE "manifest" SET "config_media_type" = %s, "layers_compressed_size" = %s WHERE (("manifest"."id" = %s) AND ("manifest"."layers_compressed_size" IS %s))', [None, 0, 48, None]) manifestbackfillworker stdout | 2025-11-04 09:05:36,196 [73] [DEBUG] [util.migrate.allocator] Marking id range as completed: 1-49 by worker manifestbackfillworker stdout | 2025-11-04 09:05:36,196 [73] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 manifestbackfillworker stdout | 2025-11-04 09:05:36,196 [73] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 manifestbackfillworker stdout | 2025-11-04 09:05:36,196 [73] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 manifestbackfillworker stdout | 2025-11-04 09:05:36,196 [73] [DEBUG] [util.migrate.allocator] Total blocks: 0 manifestbackfillworker stdout | 2025-11-04 09:05:36,196 [73] [DEBUG] [util.migrate.allocator] Total range: 49-1 manifestbackfillworker stdout | 2025-11-04 09:05:36,196 [73] [DEBUG] [util.migrate.allocator] No more work by worker manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Marking id range as completed: 1-49 by worker manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Total blocks: 0 manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] Total range: 49-1 manifestbackfillworker stderr | 2025-11-04 09:05:36 [73] [DEBUG] [util.migrate.allocator] No more work by worker manifestbackfillworker stdout | 2025-11-04 09:05:36,196 [73] [DEBUG] [data.database] Disconnecting from database. manifestbackfillworker stdout | 2025-11-04 09:05:36,196 [73] [INFO] [apscheduler.executors.default] Job "ManifestBackfillWorker._backfill_manifests (trigger: interval[1:00:00], next run at: 2025-11-04 10:05:36 GMT)" executed successfully securityworker stdout | 2025-11-04 09:05:37,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:05:37,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:51.254713+00:00 (in 14.001802 seconds) securityworker stdout | 2025-11-04 09:05:37,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:07 GMT)" (scheduled at 2025-11-04 09:05:37.252445+00:00) securityworker stdout | 2025-11-04 09:05:37,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:05:37,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:05:37,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:05:37,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:05:37,269 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stdout | 2025-11-04 09:05:37,269 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:07 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:05:37,447 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:05:37,447 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:59.446467+00:00 (in 21.999102 seconds) namespacegcworker stdout | 2025-11-04 09:05:37,447 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:37 GMT)" (scheduled at 2025-11-04 09:05:37.446883+00:00) namespacegcworker stdout | 2025-11-04 09:05:37,447 [76] [DEBUG] [workers.queueworker] Running watchdog. namespacegcworker stdout | 2025-11-04 09:05:37,447 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:37 GMT)" executed successfully securityworker stdout | 2025-11-04 09:05:37,624 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:05:37,814 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:05:39,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:05:39,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:49.156372+00:00 (in 9.999528 seconds) notificationworker stdout | 2025-11-04 09:05:39,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:49 GMT)" (scheduled at 2025-11-04 09:05:39.156372+00:00) notificationworker stdout | 2025-11-04 09:05:39,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:05:39,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 39, 157231), True, datetime.datetime(2025, 11, 4, 9, 5, 39, 157231), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:05:39,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:05:39,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:05:39,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:49 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:05:39,516 [248] [DEBUG] [app] Starting request: urn:request:d2438ae7-c3a7-4237-b557-6d3410c4dfd4 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:05:39,517 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:05:39,520 [257] [DEBUG] [app] Starting request: urn:request:7c86d84b-a2f6-4513-80a1-125d52543657 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:05:39,520 [257] [DEBUG] [app] Ending request: urn:request:7c86d84b-a2f6-4513-80a1-125d52543657 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:7c86d84b-a2f6-4513-80a1-125d52543657', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:05:39,521 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-registry stdout | 2025-11-04 09:05:39,521 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:05:39,522 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:05:39,523 [246] [DEBUG] [app] Starting request: urn:request:4edea37c-cb45-4740-8a14-3349c63865bc (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:05:39,524 [246] [DEBUG] [app] Ending request: urn:request:4edea37c-cb45-4740-8a14-3349c63865bc (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:4edea37c-cb45-4740-8a14-3349c63865bc', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:05:39,524 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:05:39,524 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:39,524 [248] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:05:39,525 [248] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:05:39,525 [248] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:05:39,532 [248] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:05:39,532 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:05:39,542 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:05:39,546 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:05:39,549 [248] [DEBUG] [app] Ending request: urn:request:d2438ae7-c3a7-4237-b557-6d3410c4dfd4 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:d2438ae7-c3a7-4237-b557-6d3410c4dfd4', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:05:39,549 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:05:39,550 [248] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:05:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:05:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.034 118 0.034) gunicorn-web stdout | 2025-11-04 09:05:39,587 [248] [DEBUG] [app] Starting request: urn:request:7dfffd00-8743-483c-9415-9252dfecde98 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:05:39,589 [257] [DEBUG] [app] Starting request: urn:request:51c2da58-56c5-4101-a62a-1831bd95d6b6 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:05:39,589 [257] [DEBUG] [app] Ending request: urn:request:51c2da58-56c5-4101-a62a-1831bd95d6b6 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:51c2da58-56c5-4101-a62a-1831bd95d6b6', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-registry stdout | 2025-11-04 09:05:39,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:05:39,590 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:39,591 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:05:39,592 [249] [DEBUG] [app] Starting request: urn:request:c451e728-75cf-4e0f-b241-b90cdd9f8c7f (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:05:39,593 [249] [DEBUG] [app] Ending request: urn:request:c451e728-75cf-4e0f-b241-b90cdd9f8c7f (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:c451e728-75cf-4e0f-b241-b90cdd9f8c7f', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:05:39,593 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:05:39,593 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:39,594 [248] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:05:39,594 [248] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:05:39,594 [248] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:05:39,601 [248] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:05:39,601 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:05:39,610 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:05:39,613 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:05:39,617 [248] [DEBUG] [app] Ending request: urn:request:7dfffd00-8743-483c-9415-9252dfecde98 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:7dfffd00-8743-483c-9415-9252dfecde98', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:05:39,617 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:05:39,617 [248] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:05:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:05:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.030 118 0.031) autopruneworker stdout | 2025-11-04 09:05:40,936 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:05:42,126 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:05:42,953 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:05:42,953 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:12.952336+00:00 (in 29.999057 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:05:42,953 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:12 GMT)" (scheduled at 2025-11-04 09:05:42.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:05:42,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:05:42,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:05:42,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:12 GMT)" executed successfully gcworker stdout | 2025-11-04 09:05:43,439 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:05:44,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:05:44,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:54.140529+00:00 (in 9.999073 seconds) proxycacheblobworker stdout | 2025-11-04 09:05:44,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:54 GMT)" (scheduled at 2025-11-04 09:05:44.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:05:44,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:05:44,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 44, 141906), True, datetime.datetime(2025, 11, 4, 9, 5, 44, 141906), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:05:44,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:05:44,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:05:44,156 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:54 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:05:46,121 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: autopruneworker stdout | 2025-11-04 09:05:46,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:05:46,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:16.130127+00:00 (in 29.999572 seconds) autopruneworker stdout | 2025-11-04 09:05:46,130 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:16 GMT)" (scheduled at 2025-11-04 09:05:46.130127+00:00) autopruneworker stdout | 2025-11-04 09:05:46,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243546138, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:05:46,144 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:05:46,144 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:05:46,144 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:05:46,370 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:05:46,370 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:05:46,408 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:05:46,423 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:05:46,433 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:05:48,711 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:05:49,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:05:49,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:05:59.156372+00:00 (in 9.999532 seconds) notificationworker stdout | 2025-11-04 09:05:49,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:59 GMT)" (scheduled at 2025-11-04 09:05:49.156372+00:00) notificationworker stdout | 2025-11-04 09:05:49,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:05:49,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 49, 157268), True, datetime.datetime(2025, 11, 4, 9, 5, 49, 157268), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:05:49,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:05:49,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:05:49,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:05:59 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:05:49,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:05:49,637 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:19.635986+00:00 (in 29.998728 seconds) buildlogsarchiver stdout | 2025-11-04 09:05:49,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:19 GMT)" (scheduled at 2025-11-04 09:05:49.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:05:49,638 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 5, 49, 637574), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:05:49,650 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:05:49,650 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:05:49,650 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:19 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:05:50,922 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:05:51,065 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:05:51,065 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:27.063966+00:00 (in 35.998124 seconds) repositorygcworker stdout | 2025-11-04 09:05:51,066 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:51 GMT)" (scheduled at 2025-11-04 09:05:51.065407+00:00) repositorygcworker stdout | 2025-11-04 09:05:51,066 [86] [DEBUG] [workers.queueworker] Running watchdog. repositorygcworker stdout | 2025-11-04 09:05:51,066 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:06:51 GMT)" executed successfully securityworker stdout | 2025-11-04 09:05:51,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:05:51,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:07.252445+00:00 (in 15.997259 seconds) securityworker stdout | 2025-11-04 09:05:51,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:21 GMT)" (scheduled at 2025-11-04 09:05:51.254713+00:00) securityworker stdout | 2025-11-04 09:05:51,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:05:51,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:05:51,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:05:51,263 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:51,274 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:05:51,274 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:51,274 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:05:51,274 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:51,276 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:05:51,280 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:51,281 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 0, 51, 263170), 1, 49]) securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:05:51,285 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:05:51,286 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 0, 51, 263170), 1, 49]) securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:51,290 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:05:51,290 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:05:51,290 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:05:51,290 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:05:51,290 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:05:51,290 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:05:51,290 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:51,290 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:05:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:05:51,291 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:21 GMT)" executed successfully servicekey stdout | 2025-11-04 09:05:51,619 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:05:51,825 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:05:51,911 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:05:52,328 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:05:54,015 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:05:54,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:05:54,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:04.140529+00:00 (in 9.998890 seconds) proxycacheblobworker stdout | 2025-11-04 09:05:54,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:04 GMT)" (scheduled at 2025-11-04 09:05:54.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:05:54,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:05:54,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 54, 142016), True, datetime.datetime(2025, 11, 4, 9, 5, 54, 142016), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:05:54,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:05:54,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:05:54,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:04 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:05:54,516 [246] [DEBUG] [app] Starting request: urn:request:17dadc47-865a-475e-8f6b-8a09026bc7a2 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:05:54,518 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:05:54,520 [263] [DEBUG] [app] Starting request: urn:request:06c8dbcd-7a34-45ee-811f-6c2368517ba9 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:05:54,521 [263] [DEBUG] [app] Ending request: urn:request:06c8dbcd-7a34-45ee-811f-6c2368517ba9 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:06c8dbcd-7a34-45ee-811f-6c2368517ba9', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:05:54,521 [263] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:05:54,521 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:54,523 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:05:54,524 [246] [DEBUG] [app] Starting request: urn:request:949fb5df-342f-427e-8471-bcc7990eeb32 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:05:54,525 [246] [DEBUG] [app] Ending request: urn:request:949fb5df-342f-427e-8471-bcc7990eeb32 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:949fb5df-342f-427e-8471-bcc7990eeb32', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:05:54,525 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:05:54,525 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:54,526 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:05:54,526 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:05:54,526 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:05:54,534 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:05:54,534 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:05:54,542 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:05:54,546 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:05:54,550 [246] [DEBUG] [app] Ending request: urn:request:17dadc47-865a-475e-8f6b-8a09026bc7a2 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:17dadc47-865a-475e-8f6b-8a09026bc7a2', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:05:54,550 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:05:54,550 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:05:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:05:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.035 118 0.035) gunicorn-web stdout | 2025-11-04 09:05:54,587 [246] [DEBUG] [app] Starting request: urn:request:1c57b699-826c-4a67-a13d-f8ea93832460 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:05:54,589 [257] [DEBUG] [app] Starting request: urn:request:a2727293-22e3-40e1-8d00-b64c3e64bafc (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:05:54,589 [257] [DEBUG] [app] Ending request: urn:request:a2727293-22e3-40e1-8d00-b64c3e64bafc (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:a2727293-22e3-40e1-8d00-b64c3e64bafc', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-registry stdout | 2025-11-04 09:05:54,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:05:54,590 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:05:54,591 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:05:54,592 [248] [DEBUG] [app] Starting request: urn:request:709a29b9-79fe-4f78-a80a-eef92f41f4a1 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:05:54,593 [248] [DEBUG] [app] Ending request: urn:request:709a29b9-79fe-4f78-a80a-eef92f41f4a1 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:709a29b9-79fe-4f78-a80a-eef92f41f4a1', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:05:54,593 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:05:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:05:54,593 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:05:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:05:54,593 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:05:54,594 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:05:54,594 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:05:54,600 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:05:54,600 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:05:54,609 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:05:54,613 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:05:54,616 [246] [DEBUG] [app] Ending request: urn:request:1c57b699-826c-4a67-a13d-f8ea93832460 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:1c57b699-826c-4a67-a13d-f8ea93832460', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:05:54,616 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:05:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.030 118 0.030) gunicorn-web stdout | 2025-11-04 09:05:54,616 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:05:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" globalpromstats stdout | 2025-11-04 09:05:55,613 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:05:55,821 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:05:55,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:05:55,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:04.952363+00:00 (in 8.995313 seconds) gcworker stdout | 2025-11-04 09:05:55,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:25 GMT)" (scheduled at 2025-11-04 09:05:55.956600+00:00) gcworker stdout | 2025-11-04 09:05:55,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:05:55,969 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246855969, None, 1, 0]) gcworker stdout | 2025-11-04 09:05:55,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:05:55,973 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:25 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:05:56,133 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:05:56,831 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: queuecleanupworker stdout | 2025-11-04 09:05:57,329 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:05:57,520 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:05:57,728 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: expiredappspecifictokenworker stdout | 2025-11-04 09:05:58,411 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:05:59,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:05:59,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:09.156372+00:00 (in 9.999532 seconds) notificationworker stdout | 2025-11-04 09:05:59,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:09 GMT)" (scheduled at 2025-11-04 09:05:59.156372+00:00) notificationworker stdout | 2025-11-04 09:05:59,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:05:59,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 5, 59, 157259), True, datetime.datetime(2025, 11, 4, 9, 5, 59, 157259), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:05:59,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:05:59,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:05:59,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:09 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:05:59,327 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:05:59,446 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:05:59,446 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:07.444700+00:00 (in 7.997764 seconds) namespacegcworker stdout | 2025-11-04 09:05:59,447 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:10:59 GMT)" (scheduled at 2025-11-04 09:05:59.446467+00:00) namespacegcworker stdout | 2025-11-04 09:05:59,447 [76] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [False, datetime.datetime(2025, 11, 4, 9, 5, 59, 447274), 'namespacegc/%']) namespacegcworker stdout | 2025-11-04 09:05:59,460 [76] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 5, 59, 447274), True, datetime.datetime(2025, 11, 4, 9, 5, 59, 447274), 0, 'namespacegc/%']) namespacegcworker stdout | 2025-11-04 09:05:59,464 [76] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) AND NOT ("t1"."queue_name" IN (SELECT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s)))))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 5, 59, 447274), True, datetime.datetime(2025, 11, 4, 9, 5, 59, 447274), 0, 'namespacegc/%', False, datetime.datetime(2025, 11, 4, 9, 5, 59, 447274), 'namespacegc/%']) namespacegcworker stdout | 2025-11-04 09:05:59,468 [76] [DEBUG] [data.database] Disconnecting from database. namespacegcworker stdout | 2025-11-04 09:05:59,468 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:10:59 GMT)" executed successfully logrotateworker stdout | 2025-11-04 09:05:59,531 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:06:00,534 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:06:00,627 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:06:01,382 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:06:01,383 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:06:01,388 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:03,647 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:03,650 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:03,735 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:03,743 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:03,745 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:03,746 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:03,748 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:03,748 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:03,754 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:06:04,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:06:04,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:14.140529+00:00 (in 9.999420 seconds) proxycacheblobworker stdout | 2025-11-04 09:06:04,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:14 GMT)" (scheduled at 2025-11-04 09:06:04.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:06:04,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:06:04,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 4, 141526), True, datetime.datetime(2025, 11, 4, 9, 6, 4, 141526), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:06:04,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:06:04,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:06:04,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:14 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: gcworker stdout | 2025-11-04 09:06:04,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:06:04,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:25.956600+00:00 (in 21.003747 seconds) gcworker stdout | 2025-11-04 09:06:04,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:34 GMT)" (scheduled at 2025-11-04 09:06:04.952363+00:00) gcworker stdout | 2025-11-04 09:06:04,954 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037564953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:06:04,968 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:06:04,968 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:06:04,969 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:34 GMT)" executed successfully quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:06:07,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:06:07,253 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:21.254713+00:00 (in 14.001438 seconds) securityworker stdout | 2025-11-04 09:06:07,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:37 GMT)" (scheduled at 2025-11-04 09:06:07.252445+00:00) securityworker stdout | 2025-11-04 09:06:07,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:06:07,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:06:07,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:06:07,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:06:07,269 [93] [DEBUG] [peewee] ('SELECT Min("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:06:07,272 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,272 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,272 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:07,272 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:06:07,272 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 25, 35]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 25-35 by worker securityworker stdout | 2025-11-04 09:06:07,276 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 25-35 by worker securityworker stdout | 2025-11-04 09:06:07,276 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 25-35 securityworker stdout | 2025-11-04 09:06:07,276 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 25-35 securityworker stdout | 2025-11-04 09:06:07,276 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:06:07,276 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:07,276 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,276 [93] [DEBUG] [util.migrate.allocator] Right range 25-35 securityworker stdout | 2025-11-04 09:06:07,276 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-25 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 25-35 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 25-35 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Right range 25-35 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-25 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 15 securityworker stdout | 2025-11-04 09:06:07,276 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 15 securityworker stdout | 2025-11-04 09:06:07,278 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 12, 22]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:06:07,280 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:06:07,280 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stdout | 2025-11-04 09:06:07,280 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-22 securityworker stdout | 2025-11-04 09:06:07,280 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:06:07,280 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:07,281 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:06:07,281 [93] [DEBUG] [util.migrate.allocator] Left range 12-22 securityworker stdout | 2025-11-04 09:06:07,281 [93] [DEBUG] [util.migrate.allocator] Right range 25-35 securityworker stdout | 2025-11-04 09:06:07,281 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 22-25 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-22 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 12-22 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Right range 25-35 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 22-25 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 22 securityworker stdout | 2025-11-04 09:06:07,281 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 22 securityworker stdout | 2025-11-04 09:06:07,281 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 22, 32]) securityworker stdout | 2025-11-04 09:06:07,284 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stdout | 2025-11-04 09:06:07,284 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stdout | 2025-11-04 09:06:07,284 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 12-22 securityworker stdout | 2025-11-04 09:06:07,284 [93] [DEBUG] [util.migrate.allocator] Already merged with block 12-22 securityworker stdout | 2025-11-04 09:06:07,284 [93] [DEBUG] [util.migrate.allocator] Merging with block 25-35 securityworker stdout | 2025-11-04 09:06:07,284 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:06:07,284 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-35 securityworker stdout | 2025-11-04 09:06:07,285 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:06:07,285 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 12-22 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 12-22 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 25-35 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-35 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,285 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,285 [93] [DEBUG] [util.migrate.allocator] Left range 12-35 securityworker stdout | 2025-11-04 09:06:07,285 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 35-49 securityworker stdout | 2025-11-04 09:06:07,285 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 12-35 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 35-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:06:07,286 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 35, 45]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 12-35 securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Already merged with block 12-35 securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-45 securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 12-35 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 12-35 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 12-45 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Left range 12-45 securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 45-49 securityworker stdout | 2025-11-04 09:06:07,289 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 45 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 12-45 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 45-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 45 securityworker stdout | 2025-11-04 09:06:07,290 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 45, 49]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 45-49 by worker securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 45-49 by worker securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 45-49 securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 12-45 securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Already merged with block 12-45 securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 12 securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Total range: 1-12 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 45-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 12-45 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 12-45 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 12 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-12 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-12 securityworker stdout | 2025-11-04 09:06:07,294 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 2 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-12 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 2 securityworker stdout | 2025-11-04 09:06:07,295 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 11]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:06:07,298 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:06:07,298 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:06:07,298 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:06:07,298 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:07,298 [93] [DEBUG] [util.migrate.allocator] Total range: 11-12 securityworker stdout | 2025-11-04 09:06:07,298 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,298 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 11-12 securityworker stdout | 2025-11-04 09:06:07,298 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-12 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 11-12 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 11 securityworker stdout | 2025-11-04 09:06:07,299 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 11, 21]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 11-21 by worker securityworker stdout | 2025-11-04 09:06:07,302 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 11-21 by worker securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 11-21 securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 11 securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 21 securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] Total range: 21-11 securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 11-21 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 21 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 21-11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:07,303 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:06:07,304 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 18, 28]) securityworker stdout | 2025-11-04 09:06:07,307 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stdout | 2025-11-04 09:06:07,307 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stdout | 2025-11-04 09:06:07,307 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 18-28 securityworker stdout | 2025-11-04 09:06:07,307 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:06:07,307 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:07,308 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,308 [93] [DEBUG] [util.migrate.allocator] Left range 18-28 securityworker stdout | 2025-11-04 09:06:07,308 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 28-49 securityworker stdout | 2025-11-04 09:06:07,308 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 18-28 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 18-28 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 28-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:06:07,308 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 32, 42]) securityworker stdout | 2025-11-04 09:06:07,311 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stdout | 2025-11-04 09:06:07,312 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stdout | 2025-11-04 09:06:07,312 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 32-42 securityworker stdout | 2025-11-04 09:06:07,312 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:06:07,312 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:07,312 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stdout | 2025-11-04 09:06:07,312 [93] [DEBUG] [util.migrate.allocator] Left range 18-28 securityworker stdout | 2025-11-04 09:06:07,312 [93] [DEBUG] [util.migrate.allocator] Right range 32-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 32-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 18-28 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Right range 32-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 28-32 securityworker stdout | 2025-11-04 09:06:07,312 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 28-32 securityworker stdout | 2025-11-04 09:06:07,312 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 28 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 28 securityworker stdout | 2025-11-04 09:06:07,313 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 28, 38]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 28-38 by worker securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 28-38 by worker securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 28-38 securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 18-28 securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Already merged with block 18-28 securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Merging with block 32-42 securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 18-42 securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Right range 18-42 securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-18 securityworker stdout | 2025-11-04 09:06:07,317 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 8 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 28-38 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 18-28 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 18-28 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 32-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 18-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Right range 18-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 8 securityworker stdout | 2025-11-04 09:06:07,318 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 1, 11]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:06:07,322 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:06:07,322 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:06:07,322 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:06:07,323 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:06:07,323 [93] [DEBUG] [util.migrate.allocator] Total range: 11-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,323 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,323 [93] [DEBUG] [util.migrate.allocator] Left range 18-42 securityworker stdout | 2025-11-04 09:06:07,323 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 42-49 securityworker stdout | 2025-11-04 09:06:07,323 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 18-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 42-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 42 securityworker stdout | 2025-11-04 09:06:07,323 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 42, 49]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 42-49 by worker securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 42-49 by worker securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 42-49 securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 18-42 securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Already merged with block 18-42 securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 18 securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Total range: 11-18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 42-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 18-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 18-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 11-18 securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 11-18 securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 11 securityworker stdout | 2025-11-04 09:06:07,328 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 11, 21]) securityworker stdout | 2025-11-04 09:06:07,331 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 11-21 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 11-21 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 11-21 securityworker stdout | 2025-11-04 09:06:07,331 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 11-21 securityworker stdout | 2025-11-04 09:06:07,331 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 11 securityworker stdout | 2025-11-04 09:06:07,332 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 21 securityworker stdout | 2025-11-04 09:06:07,332 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:07,332 [93] [DEBUG] [util.migrate.allocator] Total range: 21-11 securityworker stdout | 2025-11-04 09:06:07,332 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:06:07,332 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:07,332 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,332 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 21 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 21-11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:07,332 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:06:07,332 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 33, 43]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 33-43 by worker securityworker stdout | 2025-11-04 09:06:07,336 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 33-43 by worker securityworker stdout | 2025-11-04 09:06:07,336 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 33-43 securityworker stdout | 2025-11-04 09:06:07,336 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 33-43 securityworker stdout | 2025-11-04 09:06:07,336 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:06:07,336 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:07,336 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 33-43 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 33-43 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 33-43 securityworker stdout | 2025-11-04 09:06:07,336 [93] [DEBUG] [util.migrate.allocator] Left range 33-43 securityworker stdout | 2025-11-04 09:06:07,336 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 43-49 securityworker stdout | 2025-11-04 09:06:07,336 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 43 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 43-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 43 securityworker stdout | 2025-11-04 09:06:07,337 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 43, 49]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 43-49 by worker securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 43-49 by worker securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 43-49 securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 33-43 securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Already merged with block 33-43 securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 33 securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Total range: 1-33 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 43-49 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 33-43 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 33-43 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 33 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-33 securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-33 securityworker stdout | 2025-11-04 09:06:07,340 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 23 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-33 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 23 securityworker stdout | 2025-11-04 09:06:07,341 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 8, 18]) securityworker stdout | 2025-11-04 09:06:07,345 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 8-18 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 8-18 by worker securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 8-18 securityworker stdout | 2025-11-04 09:06:07,345 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 8-18 securityworker stdout | 2025-11-04 09:06:07,345 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-18 securityworker stdout | 2025-11-04 09:06:07,345 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:06:07,345 [93] [DEBUG] [util.migrate.allocator] Total range: 1-33 securityworker stdout | 2025-11-04 09:06:07,345 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,345 [93] [DEBUG] [util.migrate.allocator] Left range 8-18 securityworker stdout | 2025-11-04 09:06:07,345 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 18-33 securityworker stdout | 2025-11-04 09:06:07,345 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 23 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-33 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 8-18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 18-33 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 23 securityworker stdout | 2025-11-04 09:06:07,346 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 22, 32]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stdout | 2025-11-04 09:06:07,349 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stdout | 2025-11-04 09:06:07,349 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stdout | 2025-11-04 09:06:07,349 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 22-32 securityworker stdout | 2025-11-04 09:06:07,349 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:06:07,349 [93] [DEBUG] [util.migrate.allocator] Total range: 1-33 securityworker stdout | 2025-11-04 09:06:07,349 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:06:07,350 [93] [DEBUG] [util.migrate.allocator] Left range 8-18 securityworker stdout | 2025-11-04 09:06:07,350 [93] [DEBUG] [util.migrate.allocator] Right range 22-32 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 22-32 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-33 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 8-18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Right range 22-32 securityworker stdout | 2025-11-04 09:06:07,350 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 18-22 securityworker stdout | 2025-11-04 09:06:07,350 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 18-22 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stdout | 2025-11-04 09:06:07,350 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 18, 28]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stdout | 2025-11-04 09:06:07,353 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stdout | 2025-11-04 09:06:07,353 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stdout | 2025-11-04 09:06:07,353 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-18 securityworker stdout | 2025-11-04 09:06:07,353 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-18 securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [util.migrate.allocator] Merging with block 22-32 securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-32 securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [util.migrate.allocator] Total range: 1-33 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-18 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 22-32 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-32 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-33 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [util.migrate.allocator] Left range 8-32 securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 32-33 securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 32 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Left range 8-32 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 32-33 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 32 securityworker stdout | 2025-11-04 09:06:07,354 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 32, 42]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-32 securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-32 securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 8 securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-32 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-32 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 8 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-8 securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Total range: 1-8 securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-8 securityworker stdout | 2025-11-04 09:06:07,358 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-8 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:06:07,359 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 1, 7, 257745), 1, 11]) securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:06:07,362 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:06:07,362 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:06:07,362 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:06:07,362 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:06:07,362 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:07,362 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stdout | 2025-11-04 09:06:07,362 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:06:07,362 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stderr | 2025-11-04 09:06:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:06:07,362 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:37 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:06:07,444 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:06:07,445 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:37.446883+00:00 (in 30.001638 seconds) namespacegcworker stdout | 2025-11-04 09:06:07,445 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:07 GMT)" (scheduled at 2025-11-04 09:06:07.444700+00:00) namespacegcworker stdout | 2025-11-04 09:06:07,445 [76] [DEBUG] [workers.queueworker] Getting work item from queue. namespacegcworker stdout | 2025-11-04 09:06:07,446 [76] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 7, 445597), True, datetime.datetime(2025, 11, 4, 9, 6, 7, 445597), 0, 'namespacegc/%', 50, 1, 0]) namespacegcworker stdout | 2025-11-04 09:06:07,460 [76] [DEBUG] [workers.queueworker] No more work. namespacegcworker stdout | 2025-11-04 09:06:07,460 [76] [DEBUG] [data.database] Disconnecting from database. namespacegcworker stdout | 2025-11-04 09:06:07,460 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:07 GMT)" executed successfully securityworker stdout | 2025-11-04 09:06:07,637 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:06:07,828 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:06:09,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:06:09,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:19.156372+00:00 (in 9.999555 seconds) notificationworker stdout | 2025-11-04 09:06:09,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:19 GMT)" (scheduled at 2025-11-04 09:06:09.156372+00:00) notificationworker stdout | 2025-11-04 09:06:09,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:06:09,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 9, 157125), True, datetime.datetime(2025, 11, 4, 9, 6, 9, 157125), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:06:09,178 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:06:09,178 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:06:09,179 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:19 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:09,517 [247] [DEBUG] [app] Starting request: urn:request:55df89cf-43c9-473c-a8b7-0139b5f7013f (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:06:09,522 [247] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (1): localhost:8080 gunicorn-registry stdout | 2025-11-04 09:06:09,525 [263] [DEBUG] [app] Starting request: urn:request:863883a5-60fa-44ac-9f9b-fcb8b9fbaa60 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:06:09,525 [263] [DEBUG] [app] Ending request: urn:request:863883a5-60fa-44ac-9f9b-fcb8b9fbaa60 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:863883a5-60fa-44ac-9f9b-fcb8b9fbaa60', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:06:09,526 [263] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.003 162 0.003) gunicorn-web stdout | 2025-11-04 09:06:09,526 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:09,528 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:06:09,537 [248] [DEBUG] [app] Starting request: urn:request:4ce956e2-9015-4d12-b030-35a6c7ea1f57 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:06:09,537 [248] [DEBUG] [app] Ending request: urn:request:4ce956e2-9015-4d12-b030-35a6c7ea1f57 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:4ce956e2-9015-4d12-b030-35a6c7ea1f57', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:06:09,538 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:06:09,538 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:06:09,540 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."kid", "t1"."service", "t1"."jwk", "t1"."metadata", "t1"."created_date", "t1"."expiration_date", "t1"."rotation_duration", "t1"."approval_id" FROM "servicekey" AS "t1" LEFT OUTER JOIN "servicekeyapproval" AS "t2" ON ("t1"."approval_id" = "t2"."id") WHERE ((((NOT ("t1"."approval_id" IS %s) AND (("t1"."expiration_date" > %s) OR ("t1"."expiration_date" IS %s))) AND ("t1"."service" = %s)) AND (NOT (("t1"."service" = %s) AND ("t1"."expiration_date" <= %s)) OR NOT ((("t1"."service" = %s) AND ("t1"."approval_id" IS %s)) AND ("t1"."created_date" <= %s)))) AND (NOT ("t1"."expiration_date" <= %s) OR ("t1"."expiration_date" IS %s)))', [None, datetime.datetime(2025, 11, 4, 9, 6, 9, 539188), None, 'quay', 'quay', datetime.datetime(2025, 11, 4, 9, 6, 9, 539226), 'quay', None, datetime.datetime(2025, 11, 3, 9, 6, 9, 539252), datetime.datetime(2025, 10, 28, 9, 6, 9, 539273), None]) gunicorn-web stdout | 2025-11-04 09:06:09,554 [247] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:06:09,554 [247] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:06:09,555 [247] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:06:09,562 [247] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:06:09,562 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:06:09,565 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:06:09,568 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:06:09,571 [247] [DEBUG] [app] Ending request: urn:request:55df89cf-43c9-473c-a8b7-0139b5f7013f (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:55df89cf-43c9-473c-a8b7-0139b5f7013f', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:06:09,572 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:09,572 [247] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:06:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:06:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.056 118 0.056) gunicorn-web stdout | 2025-11-04 09:06:09,587 [247] [DEBUG] [app] Starting request: urn:request:f9284e82-5cc3-4e8e-8b6b-a6eb68442cf5 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:06:09,589 [264] [DEBUG] [app] Starting request: urn:request:8ed1f51a-2e74-4133-b5ec-d137aeb00d16 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:06:09,590 [264] [DEBUG] [app] Ending request: urn:request:8ed1f51a-2e74-4133-b5ec-d137aeb00d16 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:8ed1f51a-2e74-4133-b5ec-d137aeb00d16', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:06:09,590 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:06:09,590 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:09,591 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:06:09,593 [246] [DEBUG] [app] Starting request: urn:request:d37cede0-7bb0-42a3-8836-1e5cce88092e (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:06:09,593 [246] [DEBUG] [app] Ending request: urn:request:d37cede0-7bb0-42a3-8836-1e5cce88092e (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:d37cede0-7bb0-42a3-8836-1e5cce88092e', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:06:09,593 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:06:09,593 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:09,594 [247] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:06:09,594 [247] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:06:09,594 [247] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:06:09,601 [247] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:06:09,601 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:06:09,610 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:06:09,614 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:06:09,618 [247] [DEBUG] [app] Ending request: urn:request:f9284e82-5cc3-4e8e-8b6b-a6eb68442cf5 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:f9284e82-5cc3-4e8e-8b6b-a6eb68442cf5', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:06:09,618 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:09,618 [247] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:06:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:06:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.031 118 0.032) securityscanningnotificationworker stdout | 2025-11-04 09:06:10,744 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:06:10,744 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:27.745810+00:00 (in 17.001525 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:06:10,744 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:10 GMT)" (scheduled at 2025-11-04 09:06:10.743793+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:06:10,744 [87] [DEBUG] [workers.queueworker] Getting work item from queue. securityscanningnotificationworker stdout | 2025-11-04 09:06:10,745 [87] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 10, 744627), True, datetime.datetime(2025, 11, 4, 9, 6, 10, 744627), 0, 'secscanv4/%', 50, 1, 0]) securityscanningnotificationworker stdout | 2025-11-04 09:06:10,757 [87] [DEBUG] [workers.queueworker] No more work. securityscanningnotificationworker stdout | 2025-11-04 09:06:10,757 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:06:10,757 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:10 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:06:10,950 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:06:12,140 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:06:12,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:06:12,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:42.952336+00:00 (in 29.999539 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:06:12,952 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:42 GMT)" (scheduled at 2025-11-04 09:06:12.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:06:12,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:06:12,955 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:06:12,955 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:42 GMT)" executed successfully gcworker stdout | 2025-11-04 09:06:13,454 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:06:14,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:06:14,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:24.140529+00:00 (in 9.998777 seconds) proxycacheblobworker stdout | 2025-11-04 09:06:14,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:24 GMT)" (scheduled at 2025-11-04 09:06:14.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:06:14,142 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:06:14,143 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 14, 142178), True, datetime.datetime(2025, 11, 4, 9, 6, 14, 142178), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:06:14,160 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:06:14,160 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:06:14,160 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:24 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:06:16,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:06:16,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:46.130127+00:00 (in 29.999232 seconds) autopruneworker stdout | 2025-11-04 09:06:16,131 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:46 GMT)" (scheduled at 2025-11-04 09:06:16.130127+00:00) autopruneworker stdout | 2025-11-04 09:06:16,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243576138, None, 1, 0]) storagereplication stdout | 2025-11-04 09:06:16,135 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: autopruneworker stdout | 2025-11-04 09:06:16,144 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:06:16,144 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:06:16,144 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:46 GMT)" executed successfully exportactionlogsworker stdout | 2025-11-04 09:06:16,343 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:06:16,343 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:28.340417+00:00 (in 11.996621 seconds) exportactionlogsworker stdout | 2025-11-04 09:06:16,343 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:16 GMT)" (scheduled at 2025-11-04 09:06:16.343350+00:00) exportactionlogsworker stdout | 2025-11-04 09:06:16,344 [66] [DEBUG] [workers.queueworker] Running watchdog. exportactionlogsworker stdout | 2025-11-04 09:06:16,344 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:16,390 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:16,393 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:16,422 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:16,439 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:16,449 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:06:18,725 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:06:19,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:06:19,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:29.156372+00:00 (in 9.999561 seconds) notificationworker stdout | 2025-11-04 09:06:19,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:29 GMT)" (scheduled at 2025-11-04 09:06:19.156372+00:00) notificationworker stdout | 2025-11-04 09:06:19,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:06:19,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 19, 157179), True, datetime.datetime(2025, 11, 4, 9, 6, 19, 157179), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:06:19,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:06:19,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:06:19,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:29 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:06:19,245 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:06:19,245 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:20.247243+00:00 (in 1.001394 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:06:19,246 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:19 GMT)" (scheduled at 2025-11-04 09:06:19.245377+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:06:19,246 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."subject_backfilled" = %s) OR ("t1"."subject_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:06:19,257 [74] [DEBUG] [__main__] Manifest subject backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:06:19,258 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:06:19,258 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:19 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:06:19,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:06:19,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:49.635986+00:00 (in 29.999537 seconds) buildlogsarchiver stdout | 2025-11-04 09:06:19,636 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:49 GMT)" (scheduled at 2025-11-04 09:06:19.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:06:19,637 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 6, 19, 637041), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:06:19,649 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:06:19,649 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:06:19,649 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:49 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:06:20,247 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:06:20,247 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:19.245377+00:00 (in 58.997668 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:06:20,247 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:20 GMT)" (scheduled at 2025-11-04 09:06:20.247243+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:06:20,248 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."artifact_type_backfilled" = %s) OR ("t1"."artifact_type_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:06:20,260 [74] [DEBUG] [__main__] Manifest artifact_type backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:06:20,261 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:06:20,261 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:20 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:06:20,936 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: securityworker stdout | 2025-11-04 09:06:21,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:06:21,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:37.252445+00:00 (in 15.997162 seconds) securityworker stdout | 2025-11-04 09:06:21,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:51 GMT)" (scheduled at 2025-11-04 09:06:21.254713+00:00) securityworker stdout | 2025-11-04 09:06:21,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:06:21,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:06:21,259 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:06:21,262 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:21,272 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:21,273 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:21,273 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:21,273 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:06:21,274 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stdout | 2025-11-04 09:06:21,278 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:06:21,278 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:06:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:06:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:06:21,279 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:21,279 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:06:21,279 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:06:21,279 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:21,279 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:21,279 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:21,279 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:06:21,280 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 1, 21, 261952), 1, 49]) securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:21,283 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:06:21,284 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 1, 21, 261952), 1, 49]) securityworker stdout | 2025-11-04 09:06:21,288 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:06:21,288 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:06:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:06:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:06:21,288 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:21,288 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:06:21,288 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:06:21,288 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:06:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:06:21,288 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:51 GMT)" executed successfully servicekey stdout | 2025-11-04 09:06:21,633 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:21,697 [249] [DEBUG] [app] Starting request: urn:request:97779c73-c727-440f-9229-3e3e94a5c337 (/api/v1/superuser/registrysize/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:21,697 [249] [DEBUG] [app] User loader loading deferred user with uuid: c065e551-0bcb-44ad-9a2d-bdaadda2b893 gunicorn-web stdout | 2025-11-04 09:06:21,697 [249] [DEBUG] [auth.cookie] Loading user from cookie: c065e551-0bcb-44ad-9a2d-bdaadda2b893 gunicorn-web stdout | 2025-11-04 09:06:21,697 [246] [DEBUG] [app] Starting request: urn:request:de8c5a65-bd23-41ea-9a40-2d1a4e72a43d (/api/v1/superuser/organizations/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:21,698 [246] [DEBUG] [app] User loader loading deferred user with uuid: c065e551-0bcb-44ad-9a2d-bdaadda2b893 gunicorn-web stdout | 2025-11-04 09:06:21,698 [246] [DEBUG] [auth.cookie] Loading user from cookie: c065e551-0bcb-44ad-9a2d-bdaadda2b893 gunicorn-web stdout | 2025-11-04 09:06:21,698 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['c065e551-0bcb-44ad-9a2d-bdaadda2b893', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:21,698 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['c065e551-0bcb-44ad-9a2d-bdaadda2b893', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:21,712 [246] [DEBUG] [app] Ending request: urn:request:de8c5a65-bd23-41ea-9a40-2d1a4e72a43d (/api/v1/superuser/organizations/) {'endpoint': 'api.superuserorganizationlist', 'request_id': 'urn:request:de8c5a65-bd23-41ea-9a40-2d1a4e72a43d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/organizations/', 'path': '/api/v1/superuser/organizations/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:21,713 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:21,713 [249] [DEBUG] [app] Ending request: urn:request:97779c73-c727-440f-9229-3e3e94a5c337 (/api/v1/superuser/registrysize/) {'endpoint': 'api.superuserregistrysize', 'request_id': 'urn:request:97779c73-c727-440f-9229-3e3e94a5c337', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/registrysize/', 'path': '/api/v1/superuser/registrysize/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:21,713 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:21 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.0" 401 288 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:21 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.1" 401 288 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.017 1706 0.017) gunicorn-web stdout | 2025-11-04 09:06:21,713 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:21,714 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:21 +0000] "GET /api/v1/superuser/registrysize/ HTTP/1.0" 401 288 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:21 +0000] "GET /api/v1/superuser/registrysize/ HTTP/1.1" 401 288 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.019 1705 0.019) builder stdout | 2025-11-04 09:06:21,844 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:06:21,925 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:22 +0000] "GET /signin HTTP/1.1" 200 402 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.000 1657 -) manifestbackfillworker stdout | 2025-11-04 09:06:22,341 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: nginx stdout | 2025/11/04 09:06:22 [error] 107#107: *162 open() "/quay-registry/static/patternfly/assets/images/rh_login.jpeg" failed (2: No such file or directory), client: 10.131.0.44, server: , request: "GET /assets/images/rh_login.jpeg HTTP/1.1", host: "quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com", referrer: "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/vendor.css" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:22 +0000] "GET /assets/images/rh_login.jpeg HTTP/1.1" 404 146 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/vendor.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.000 1628 -) gunicorn-web stdout | 2025-11-04 09:06:22,503 [246] [DEBUG] [app] Starting request: urn:request:87497b30-4f6a-4802-955a-564fdffb6853 (/csrf_token) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:22,503 [246] [DEBUG] [app] Ending request: urn:request:87497b30-4f6a-4802-955a-564fdffb6853 (/csrf_token) {'endpoint': 'web.csrf_token', 'request_id': 'urn:request:87497b30-4f6a-4802-955a-564fdffb6853', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/csrf_token', 'path': '/csrf_token', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:22 +0000] "GET /csrf_token HTTP/1.1" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.002 1584 0.002) gunicorn-web stdout | 2025-11-04 09:06:22,504 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:22 +0000] "GET /csrf_token HTTP/1.0" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:22,843 [246] [DEBUG] [app] Starting request: urn:request:cb49f4bd-c77c-4ec9-8711-a53a0437d0d0 (/config) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:22,844 [246] [DEBUG] [app] Ending request: urn:request:cb49f4bd-c77c-4ec9-8711-a53a0437d0d0 (/config) {'endpoint': 'web.config', 'request_id': 'urn:request:cb49f4bd-c77c-4ec9-8711-a53a0437d0d0', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/config', 'path': '/config', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:22 +0000] "GET /config HTTP/1.1" 200 4079 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.009 1660 0.009) gunicorn-web stdout | 2025-11-04 09:06:22,851 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:22 +0000] "GET /config HTTP/1.0" 200 4079 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:23,258 [249] [DEBUG] [app] Starting request: urn:request:0363d9cb-13a5-44c1-bdc7-e498357c4e2c (/csrf_token) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:23,259 [249] [DEBUG] [app] Ending request: urn:request:0363d9cb-13a5-44c1-bdc7-e498357c4e2c (/csrf_token) {'endpoint': 'web.csrf_token', 'request_id': 'urn:request:0363d9cb-13a5-44c1-bdc7-e498357c4e2c', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/csrf_token', 'path': '/csrf_token', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:23 +0000] "GET /csrf_token HTTP/1.1" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.002 1584 0.002) gunicorn-web stdout | 2025-11-04 09:06:23,259 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:23 +0000] "GET /csrf_token HTTP/1.0" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:23,596 [249] [DEBUG] [app] Starting request: urn:request:b91c1e1b-02b1-4970-8ba3-b1646013d0d9 (/api/v1/messages) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:23,596 [249] [DEBUG] [app] User loader loading deferred user with uuid: c065e551-0bcb-44ad-9a2d-bdaadda2b893 gunicorn-web stdout | 2025-11-04 09:06:23,596 [249] [DEBUG] [auth.cookie] Loading user from cookie: c065e551-0bcb-44ad-9a2d-bdaadda2b893 gunicorn-web stdout | 2025-11-04 09:06:23,597 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['c065e551-0bcb-44ad-9a2d-bdaadda2b893', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:23,610 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."content", "t1"."uuid", "t1"."severity", "t1"."media_type_id", "t2"."id", "t2"."name" FROM "messages" AS "t1" INNER JOIN "mediatype" AS "t2" ON ("t1"."media_type_id" = "t2"."id")', []) gunicorn-web stdout | 2025-11-04 09:06:23,614 [249] [DEBUG] [app] Ending request: urn:request:b91c1e1b-02b1-4970-8ba3-b1646013d0d9 (/api/v1/messages) {'endpoint': 'api.globalusermessages', 'request_id': 'urn:request:b91c1e1b-02b1-4970-8ba3-b1646013d0d9', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/messages', 'path': '/api/v1/messages', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:23,614 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:23,615 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:23 +0000] "GET /api/v1/messages HTTP/1.0" 200 17 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:23 +0000] "GET /api/v1/messages HTTP/1.1" 200 17 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.020 1669 0.019) teamsyncworker stdout | 2025-11-04 09:06:24,029 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:06:24,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:06:24,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:27.142482+00:00 (in 3.000842 seconds) proxycacheblobworker stdout | 2025-11-04 09:06:24,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:34 GMT)" (scheduled at 2025-11-04 09:06:24.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:06:24,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:06:24,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 24, 141980), True, datetime.datetime(2025, 11, 4, 9, 6, 24, 141980), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:06:24,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:06:24,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:06:24,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:34 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:24,515 [246] [DEBUG] [app] Starting request: urn:request:ea5147e1-0687-4a7f-905c-edb2e6b6e5a1 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:06:24,516 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:06:24,520 [262] [DEBUG] [app] Starting request: urn:request:d1f9131a-35e7-46c9-bbea-f2e9b5be0f04 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:06:24,521 [262] [DEBUG] [app] Ending request: urn:request:d1f9131a-35e7-46c9-bbea-f2e9b5be0f04 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:d1f9131a-35e7-46c9-bbea-f2e9b5be0f04', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.004 162 0.005) gunicorn-web stdout | 2025-11-04 09:06:24,522 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-registry stdout | 2025-11-04 09:06:24,522 [262] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:06:24,523 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:06:24,525 [249] [DEBUG] [app] Starting request: urn:request:403862cc-2d6d-4634-bb71-0225cd19bb9f (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:06:24,525 [249] [DEBUG] [app] Ending request: urn:request:403862cc-2d6d-4634-bb71-0225cd19bb9f (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:403862cc-2d6d-4634-bb71-0225cd19bb9f', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:06:24,526 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:06:24,526 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:24,526 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:06:24,526 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:06:24,526 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:06:24,535 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:06:24,535 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:06:24,544 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:06:24,548 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:06:24,552 [246] [DEBUG] [app] Ending request: urn:request:ea5147e1-0687-4a7f-905c-edb2e6b6e5a1 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:ea5147e1-0687-4a7f-905c-edb2e6b6e5a1', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:06:24,552 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:24,552 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:06:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:06:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.037 118 0.037) gunicorn-web stdout | 2025-11-04 09:06:24,588 [246] [DEBUG] [app] Starting request: urn:request:9c6c96f5-d0bb-4327-aeb5-78d362b4cd90 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:06:24,589 [257] [DEBUG] [app] Starting request: urn:request:438baec9-d878-4edb-8c8c-1df1f6f7f3bd (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:06:24,590 [257] [DEBUG] [app] Ending request: urn:request:438baec9-d878-4edb-8c8c-1df1f6f7f3bd (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:438baec9-d878-4edb-8c8c-1df1f6f7f3bd', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:06:24,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:06:24,591 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:24,592 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:06:24,594 [249] [DEBUG] [app] Starting request: urn:request:e24798a2-21d8-4f61-ab99-15a1b94eb600 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:06:24,594 [249] [DEBUG] [app] Ending request: urn:request:e24798a2-21d8-4f61-ab99-15a1b94eb600 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:e24798a2-21d8-4f61-ab99-15a1b94eb600', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:06:24,594 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:06:24,595 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:24,595 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:06:24,595 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:06:24,595 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:06:24,602 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:06:24,602 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:06:24,612 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:06:24,615 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:06:24,618 [246] [DEBUG] [app] Ending request: urn:request:9c6c96f5-d0bb-4327-aeb5-78d362b4cd90 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:9c6c96f5-d0bb-4327-aeb5-78d362b4cd90', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:06:24,618 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:06:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) gunicorn-web stdout | 2025-11-04 09:06:24,619 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:06:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" gunicorn-web stdout | 2025-11-04 09:06:25,328 [246] [DEBUG] [app] Starting request: urn:request:7fe54186-9d9c-49b7-93ab-a77a04366d6e (/api/v1/signin) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:25,328 [246] [DEBUG] [app] User loader loading deferred user with uuid: c065e551-0bcb-44ad-9a2d-bdaadda2b893 gunicorn-web stdout | 2025-11-04 09:06:25,328 [246] [DEBUG] [auth.cookie] Loading user from cookie: c065e551-0bcb-44ad-9a2d-bdaadda2b893 gunicorn-web stdout | 2025-11-04 09:06:25,329 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['c065e551-0bcb-44ad-9a2d-bdaadda2b893', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:25,481 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) OR ("t1"."email" = %s)) LIMIT %s OFFSET %s', ['quay', 'quay', 1, 0]) globalpromstats stdout | 2025-11-04 09:06:25,627 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:25,759 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:25,763 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:25,768 [246] [DEBUG] [endpoints.common] Successfully signed in as user quay with uuid d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:25,768 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:25,768 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:25,769 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:25,772 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "logentrykind" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:25,777 [246] [DEBUG] [peewee] ('INSERT INTO "logentry3" ("kind_id", "account_id", "performer_id", "repository_id", "datetime", "ip", "metadata_json") VALUES (%s, %s, %s, %s, %s, %s, %s) RETURNING "logentry3"."id"', [97, 1, None, None, datetime.datetime(2025, 11, 4, 9, 6, 25, 768612), '10.131.0.44', '{"type": "quayauth", "useragent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0"}']) gunicorn-web stdout | 2025-11-04 09:06:25,782 [246] [DEBUG] [app] Ending request: urn:request:7fe54186-9d9c-49b7-93ab-a77a04366d6e (/api/v1/signin) {'endpoint': 'api.signin', 'request_id': 'urn:request:7fe54186-9d9c-49b7-93ab-a77a04366d6e', 'remote_addr': '10.131.0.44', 'http_method': 'POST', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/signin', 'path': '/api/v1/signin', 'parameters': {}, 'json_body': {'username': 'quay', 'password': '[FILTERED]'}, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:25,782 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:25,783 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:25 +0000] "POST /api/v1/signin HTTP/1.0" 200 18 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:25 +0000] "POST /api/v1/signin HTTP/1.1" 200 18 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.457 1881 0.457) quotaregistrysizeworker stdout | 2025-11-04 09:06:25,835 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:06:25,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:06:25,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:34.952363+00:00 (in 8.995190 seconds) gcworker stdout | 2025-11-04 09:06:25,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:55 GMT)" (scheduled at 2025-11-04 09:06:25.956600+00:00) gcworker stdout | 2025-11-04 09:06:25,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:06:25,970 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246885970, None, 1, 0]) gcworker stdout | 2025-11-04 09:06:25,974 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:06:25,975 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:06:55 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:26,126 [246] [DEBUG] [app] Starting request: urn:request:0f6d040f-3bf5-4380-bd50-7988b3b4f2bb (/csrf_token) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:26,126 [246] [DEBUG] [app] Ending request: urn:request:0f6d040f-3bf5-4380-bd50-7988b3b4f2bb (/csrf_token) {'endpoint': 'web.csrf_token', 'request_id': 'urn:request:0f6d040f-3bf5-4380-bd50-7988b3b4f2bb', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/csrf_token', 'path': '/csrf_token', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:26,127 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:26 +0000] "GET /csrf_token HTTP/1.0" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:26 +0000] "GET /csrf_token HTTP/1.1" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/signin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.002 1585 0.002) chunkcleanupworker stdout | 2025-11-04 09:06:26,147 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:26,570 [246] [DEBUG] [app] Starting request: urn:request:6915ded3-40a0-4709-88f0-aa4fb43a2062 (/api/v1/user/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:26,571 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,571 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,571 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:26,584 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:26,584 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:26,584 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,584 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,585 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,585 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,585 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,586 [246] [DEBUG] [peewee] ('SELECT DISTINCT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" INNER JOIN "team" AS "t2" ON ("t2"."organization_id" = "t1"."id") INNER JOIN "teammember" AS "t3" ON ("t3"."team_id" = "t2"."id") INNER JOIN "user" AS "t4" ON ("t4"."id" = "t3"."user_id") WHERE (("t1"."organization" = %s) AND ("t4"."username" = %s))', [True, 'quay']) gunicorn-web stdout | 2025-11-04 09:06:26,591 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,591 [246] [DEBUG] [peewee] ('SELECT "t1"."service_ident", "t2"."name", "t1"."metadata_json" FROM "federatedlogin" AS "t1" INNER JOIN "loginservice" AS "t2" ON ("t1"."service_id" = "t2"."id") WHERE (("t2"."name" != %s) AND ("t1"."user_id" = %s))', ['quayrobot', 1]) gunicorn-web stdout | 2025-11-04 09:06:26,594 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."kind_id" FROM "userprompt" AS "t1" INNER JOIN "userpromptkind" AS "t2" ON ("t1"."kind_id" = "t2"."id") WHERE ("t1"."user_id" = %s)', [1]) gunicorn-web stdout | 2025-11-04 09:06:26,598 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:26,601 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:26,605 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:26,609 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:26,612 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:26,614 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,615 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,616 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:26,619 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,619 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:26,620 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,621 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,621 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,621 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,621 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,621 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,621 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,621 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,621 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,621 [246] [DEBUG] [app] Ending request: urn:request:6915ded3-40a0-4709-88f0-aa4fb43a2062 (/api/v1/user/) {'endpoint': 'api.user', 'request_id': 'urn:request:6915ded3-40a0-4709-88f0-aa4fb43a2062', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/user/', 'path': '/api/v1/user/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:26,622 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:26 +0000] "GET /api/v1/user/ HTTP/1.1" 200 1745 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.053 1673 0.053) gunicorn-web stdout | 2025-11-04 09:06:26,622 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:26 +0000] "GET /api/v1/user/ HTTP/1.0" 200 1745 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" proxycacheblobworker stdout | 2025-11-04 09:06:26,845 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:26,972 [249] [DEBUG] [app] Starting request: urn:request:14f99994-fce3-4e50-a758-f8161bd3e152 (/api/v1/superuser/registrysize/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:26,972 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,972 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,972 [248] [DEBUG] [app] Starting request: urn:request:92c129b1-f8d9-4606-a613-4e379e89dae2 (/api/v1/user/notifications) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:26,973 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,973 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,973 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:26,974 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:26,974 [247] [DEBUG] [app] Starting request: urn:request:6c18a999-670f-4d2a-88cc-a37acae2ee8d (/api/v1/superuser/organizations/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:26,974 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,974 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,975 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:26,986 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:26,987 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:26,987 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,987 [248] [DEBUG] [endpoints.api] Checking permission for user quay gunicorn-web stdout | 2025-11-04 09:06:26,987 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,987 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,987 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,987 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,988 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:26,988 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:26,989 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,989 [247] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:06:26,989 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,989 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,989 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,989 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,990 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:26,990 [248] [DEBUG] [peewee] ('(SELECT "t1"."id", "t1"."uuid", "t1"."kind_id", "t1"."metadata_json", "t1"."dismissed", "t1"."lookup_path", "t1"."created", "t1"."created" AS "cd", "t1"."target_id" FROM "notification" AS "t1" INNER JOIN "notificationkind" AS "t2" ON ("t1"."kind_id" = "t2"."id") WHERE (("t1"."dismissed" = %s) AND ("t1"."target_id" = %s))) UNION (SELECT "t3"."id", "t3"."uuid", "t3"."kind_id", "t3"."metadata_json", "t3"."dismissed", "t3"."lookup_path", "t3"."created", "t3"."created" AS "cd", "t3"."target_id" FROM "notification" AS "t3" INNER JOIN "notificationkind" AS "t4" ON ("t3"."kind_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t5"."id" = "t3"."target_id") INNER JOIN "team" AS "t6" ON ("t5"."id" = "t6"."organization_id") INNER JOIN "teamrole" AS "t7" ON ("t6"."role_id" = "t7"."id") INNER JOIN "teammember" AS "t8" ON ("t6"."id" = "t8"."team_id") INNER JOIN "user" AS "t9" ON ("t8"."user_id" = "t9"."id") WHERE (("t3"."dismissed" = %s) AND (("t9"."id" = %s) AND ("t7"."name" = %s)))) ORDER BY cd desc LIMIT %s', [False, 1, False, 1, 'admin', 6]) gunicorn-web stdout | 2025-11-04 09:06:26,993 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [True, False]) gunicorn-web stdout | 2025-11-04 09:06:26,985 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:26,996 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:26,996 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,996 [249] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:06:26,996 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:26,996 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,996 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,996 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:26,996 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:26,997 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) gunicorn-web stdout | 2025-11-04 09:06:26,997 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:06:26,997 [248] [DEBUG] [app] Ending request: urn:request:92c129b1-f8d9-4606-a613-4e379e89dae2 (/api/v1/user/notifications) {'endpoint': 'api.usernotificationlist', 'request_id': 'urn:request:92c129b1-f8d9-4606-a613-4e379e89dae2', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/user/notifications', 'path': '/api/v1/user/notifications', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:26,998 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:26 +0000] "GET /api/v1/user/notifications HTTP/1.1" 200 43 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.027 1686 0.027) gunicorn-web stdout | 2025-11-04 09:06:26,998 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:26 +0000] "GET /api/v1/user/notifications HTTP/1.0" 200 43 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:27,000 [249] [DEBUG] [app] Ending request: urn:request:14f99994-fce3-4e50-a758-f8161bd3e152 (/api/v1/superuser/registrysize/) {'endpoint': 'api.superuserregistrysize', 'request_id': 'urn:request:14f99994-fce3-4e50-a758-f8161bd3e152', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/registrysize/', 'path': '/api/v1/superuser/registrysize/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:27,001 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg']) gunicorn-web stdout | 2025-11-04 09:06:27,001 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/superuser/registrysize/ HTTP/1.1" 200 71 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.030 1691 0.030) gunicorn-web stdout | 2025-11-04 09:06:27,001 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/superuser/registrysize/ HTTP/1.0" 200 71 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:27,004 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:27,008 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg2']) gunicorn-web stdout | 2025-11-04 09:06:27,012 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,015 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:06:27,018 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,021 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['testorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,024 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg']) gunicorn-web stdout | 2025-11-04 09:06:27,027 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,031 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,034 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:27,037 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,040 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['testorg2', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,044 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg2']) gunicorn-web stdout | 2025-11-04 09:06:27,047 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [5, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,050 [247] [DEBUG] [app] Ending request: urn:request:6c18a999-670f-4d2a-88cc-a37acae2ee8d (/api/v1/superuser/organizations/) {'endpoint': 'api.superuserorganizationlist', 'request_id': 'urn:request:6c18a999-670f-4d2a-88cc-a37acae2ee8d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/organizations/', 'path': '/api/v1/superuser/organizations/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:27,051 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.1" 200 1382 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.078 1692 0.079) gunicorn-web stdout | 2025-11-04 09:06:27,051 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.0" 200 1382 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" repositorygcworker stdout | 2025-11-04 09:06:27,064 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:06:27,064 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:51.065407+00:00 (in 24.001078 seconds) repositorygcworker stdout | 2025-11-04 09:06:27,064 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:27 GMT)" (scheduled at 2025-11-04 09:06:27.063966+00:00) repositorygcworker stdout | 2025-11-04 09:06:27,064 [86] [DEBUG] [workers.queueworker] Getting work item from queue. repositorygcworker stdout | 2025-11-04 09:06:27,065 [86] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 27, 64660), True, datetime.datetime(2025, 11, 4, 9, 6, 27, 64660), 0, 'repositorygc/%', 50, 1, 0]) repositorygcworker stdout | 2025-11-04 09:06:27,077 [86] [DEBUG] [workers.queueworker] No more work. repositorygcworker stdout | 2025-11-04 09:06:27,077 [86] [DEBUG] [data.database] Disconnecting from database. repositorygcworker stdout | 2025-11-04 09:06:27,077 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:27 GMT)" executed successfully proxycacheblobworker stdout | 2025-11-04 09:06:27,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:06:27,143 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:34.140529+00:00 (in 6.997271 seconds) proxycacheblobworker stdout | 2025-11-04 09:06:27,143 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:27 GMT)" (scheduled at 2025-11-04 09:06:27.142482+00:00) proxycacheblobworker stdout | 2025-11-04 09:06:27,143 [79] [DEBUG] [workers.queueworker] Running watchdog. proxycacheblobworker stdout | 2025-11-04 09:06:27,143 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:27 GMT)" executed successfully queuecleanupworker stdout | 2025-11-04 09:06:27,343 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:27,425 [246] [DEBUG] [app] Starting request: urn:request:a27ddb7d-50b0-4669-acde-27b628f07d0a (/api/v1/organization/quayorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:27,426 [249] [DEBUG] [app] Starting request: urn:request:992a7504-cc7b-4bec-ba1e-0bb69c346117 (/api/v1/organization/quayorg/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:27,426 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,426 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,426 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,426 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,426 [247] [DEBUG] [app] Starting request: urn:request:5f00842b-d168-4ba6-a3e6-b20bc069dcf5 (/api/v1/organization/quayorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:27,426 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,426 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,426 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,426 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,427 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,438 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:27,438 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:27,438 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,438 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,438 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,438 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,438 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:27,439 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,439 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:27,439 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:27,439 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,439 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:27,439 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,439 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,439 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,439 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,439 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,440 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:27,441 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,441 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:27,444 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,444 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,444 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,444 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,445 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,445 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,445 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,445 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,445 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,446 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,446 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,447 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,447 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:27,447 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,447 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,447 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,447 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,447 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:27,447 [247] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'quayorg+%']) gunicorn-web stdout | 2025-11-04 09:06:27,448 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,451 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "teammember" AS "t3" INNER JOIN "team" AS "t1" ON ("t3"."team_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t3"."user_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:06:27,452 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,452 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,452 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,452 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,452 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,452 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,452 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,452 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,452 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,452 [247] [DEBUG] [app] Ending request: urn:request:5f00842b-d168-4ba6-a3e6-b20bc069dcf5 (/api/v1/organization/quayorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:5f00842b-d168-4ba6-a3e6-b20bc069dcf5', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/quayorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:27,453 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,453 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,453 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,453 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:27,453 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:27,453 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:06:27,453 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/quayorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/quayorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.028 1724 0.028) gunicorn-web stdout | 2025-11-04 09:06:27,455 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."namespace_user_id", "t2"."name", "t2"."visibility_id", "t2"."description", "t2"."badge_token", "t2"."kind_id", "t2"."trust_enabled", "t2"."state", "t3"."id", "t3"."uuid", "t3"."username", "t3"."password_hash", "t3"."email", "t3"."verified", "t3"."stripe_id", "t3"."organization", "t3"."robot", "t3"."invoice_email", "t3"."invalid_login_attempts", "t3"."last_invalid_login", "t3"."removed_tag_expiration_s", "t3"."enabled", "t3"."invoice_email_address", "t3"."given_name", "t3"."family_name", "t3"."company", "t3"."location", "t3"."maximum_queued_builds_count", "t3"."creation_date", "t3"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t1"."user_id" = "t3"."id") WHERE (("t2"."namespace_user_id" = %s) AND ("t3"."robot" = %s))', [2, False]) gunicorn-web stdout | 2025-11-04 09:06:27,456 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:27,460 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:06:27,460 [249] [DEBUG] [app] Ending request: urn:request:992a7504-cc7b-4bec-ba1e-0bb69c346117 (/api/v1/organization/quayorg/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:992a7504-cc7b-4bec-ba1e-0bb69c346117', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/members', 'path': '/api/v1/organization/quayorg/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:27,461 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/quayorg/members HTTP/1.1" 200 400 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.037 1696 0.037) gunicorn-web stdout | 2025-11-04 09:06:27,461 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/quayorg/members HTTP/1.0" 200 400 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:27,463 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:06:27,466 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,466 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,466 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,466 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,467 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:06:27,471 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,474 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:06:27,477 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,481 [246] [DEBUG] [app] Ending request: urn:request:a27ddb7d-50b0-4669-acde-27b628f07d0a (/api/v1/organization/quayorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:a27ddb7d-50b0-4669-acde-27b628f07d0a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg', 'path': '/api/v1/organization/quayorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:27,481 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:27,482 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/quayorg HTTP/1.0" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/quayorg HTTP/1.1" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.058 1688 0.058) securityscanningnotificationworker stdout | 2025-11-04 09:06:27,534 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:06:27,742 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:06:27,746 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:06:27,746 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:10.743793+00:00 (in 42.997548 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:06:27,746 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:27 GMT)" (scheduled at 2025-11-04 09:06:27.745810+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:06:27,746 [87] [DEBUG] [workers.queueworker] Running watchdog. securityscanningnotificationworker stdout | 2025-11-04 09:06:27,746 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:27 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:27,791 [246] [DEBUG] [app] Starting request: urn:request:fca81696-d45b-4af0-a76f-13b4ba291fa6 (/api/v1/organization/testorg/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:27,791 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,791 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,792 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,794 [249] [DEBUG] [app] Starting request: urn:request:13d5dae1-a764-414d-851c-6641344f7a17 (/api/v1/organization/testorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:27,794 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,794 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,795 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,803 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:27,803 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:27,803 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,804 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,804 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,804 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,804 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,806 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:27,806 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:27,806 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:27,806 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,807 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,807 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,807 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,807 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,808 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:27,810 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,810 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,810 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,810 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,810 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,810 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,810 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,811 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,811 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,811 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,811 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,811 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,811 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:27,812 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'testorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,813 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,813 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,813 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,813 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,813 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,813 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,813 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,813 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,813 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,814 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,814 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,814 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,814 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:27,814 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,815 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,815 [248] [DEBUG] [app] Starting request: urn:request:ebb4592b-5492-48cb-9d02-844cbb8d9e98 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:27,815 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "teammember" AS "t3" INNER JOIN "team" AS "t1" ON ("t3"."team_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t3"."user_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [3]) gunicorn-web stdout | 2025-11-04 09:06:27,815 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,815 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,816 [249] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'testorg+%']) gunicorn-web stdout | 2025-11-04 09:06:27,816 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,819 [247] [DEBUG] [app] Starting request: urn:request:60ce8188-01a3-4bf9-90db-d08890e1f27b (/api/v1/superuser/users/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:27,819 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,819 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,820 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."namespace_user_id", "t2"."name", "t2"."visibility_id", "t2"."description", "t2"."badge_token", "t2"."kind_id", "t2"."trust_enabled", "t2"."state", "t3"."id", "t3"."uuid", "t3"."username", "t3"."password_hash", "t3"."email", "t3"."verified", "t3"."stripe_id", "t3"."organization", "t3"."robot", "t3"."invoice_email", "t3"."invalid_login_attempts", "t3"."last_invalid_login", "t3"."removed_tag_expiration_s", "t3"."enabled", "t3"."invoice_email_address", "t3"."given_name", "t3"."family_name", "t3"."company", "t3"."location", "t3"."maximum_queued_builds_count", "t3"."creation_date", "t3"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t1"."user_id" = "t3"."id") WHERE (("t2"."namespace_user_id" = %s) AND ("t3"."robot" = %s))', [3, False]) gunicorn-web stdout | 2025-11-04 09:06:27,820 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,822 [249] [DEBUG] [app] Ending request: urn:request:13d5dae1-a764-414d-851c-6641344f7a17 (/api/v1/organization/testorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:13d5dae1-a764-414d-851c-6641344f7a17', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/testorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/testorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:27,822 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:27,822 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/testorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/testorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.029 1724 0.029) gunicorn-web stdout | 2025-11-04 09:06:27,825 [246] [DEBUG] [app] Ending request: urn:request:fca81696-d45b-4af0-a76f-13b4ba291fa6 (/api/v1/organization/testorg/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:fca81696-d45b-4af0-a76f-13b4ba291fa6', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/testorg/members', 'path': '/api/v1/organization/testorg/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:27,825 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:27,826 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/testorg/members HTTP/1.0" 200 389 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/organization/testorg/members HTTP/1.1" 200 389 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.036 1696 0.036) gunicorn-web stdout | 2025-11-04 09:06:27,828 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:27,828 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:27,828 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,828 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,828 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,828 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,828 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,829 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:27,829 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,831 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:27,831 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:27,831 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,831 [247] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:06:27,831 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:27,831 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,831 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,831 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:27,831 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:27,832 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [False, False]) gunicorn-web stdout | 2025-11-04 09:06:27,833 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:27,836 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:27,836 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['public', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,840 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,840 [248] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'testorg', 1, 3, 1, 'testorg', 101]) gunicorn-web stdout | 2025-11-04 09:06:27,843 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:27,845 [248] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [7, None, 1762247187845, False]) gunicorn-web stdout | 2025-11-04 09:06:27,846 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:27,850 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:06:27,850 [247] [DEBUG] [app] Ending request: urn:request:60ce8188-01a3-4bf9-90db-d08890e1f27b (/api/v1/superuser/users/) {'endpoint': 'api.superuserlist', 'request_id': 'urn:request:60ce8188-01a3-4bf9-90db-d08890e1f27b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/users/', 'path': '/api/v1/superuser/users/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:27,851 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:27,851 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/superuser/users/ HTTP/1.0" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/superuser/users/ HTTP/1.1" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.033 1684 0.033) gunicorn-web stdout | 2025-11-04 09:06:27,854 [248] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [7]) gunicorn-web stdout | 2025-11-04 09:06:27,857 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg']) gunicorn-web stdout | 2025-11-04 09:06:27,860 [248] [DEBUG] [app] Ending request: urn:request:ebb4592b-5492-48cb-9d02-844cbb8d9e98 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:ebb4592b-5492-48cb-9d02-844cbb8d9e98', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=testorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'testorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:27,861 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/repository?last_modified=true&namespace=testorg&public=true HTTP/1.1" 200 259 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.047 1727 0.047) gunicorn-web stdout | 2025-11-04 09:06:27,862 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:27 +0000] "GET /api/v1/repository?last_modified=true&namespace=testorg&public=true HTTP/1.0" 200 259 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:28,159 [248] [DEBUG] [app] Starting request: urn:request:5cc477c6-b6d0-46fb-8010-167a8246366c (/api/v1/organization/superorg/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,159 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,159 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,160 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,172 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,172 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,172 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,172 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,173 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,173 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,173 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,177 [246] [DEBUG] [app] Starting request: urn:request:d1a42193-ddf2-44dc-a474-d6a2cb5ce427 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,177 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,177 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,177 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:28,178 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,182 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,182 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,183 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,183 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,183 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,183 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,183 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,183 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,183 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,183 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,184 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,184 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,184 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,185 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,188 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "teammember" AS "t3" INNER JOIN "team" AS "t1" ON ("t3"."team_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t3"."user_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:28,189 [247] [DEBUG] [app] Starting request: urn:request:1de6343a-71d9-46fe-a65c-266e2679b7d6 (/api/v1/organization/superorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,189 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,189 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,190 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,190 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,190 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,190 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,190 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,190 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,190 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,190 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,191 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,191 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,193 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."namespace_user_id", "t2"."name", "t2"."visibility_id", "t2"."description", "t2"."badge_token", "t2"."kind_id", "t2"."trust_enabled", "t2"."state", "t3"."id", "t3"."uuid", "t3"."username", "t3"."password_hash", "t3"."email", "t3"."verified", "t3"."stripe_id", "t3"."organization", "t3"."robot", "t3"."invoice_email", "t3"."invalid_login_attempts", "t3"."last_invalid_login", "t3"."removed_tag_expiration_s", "t3"."enabled", "t3"."invoice_email_address", "t3"."given_name", "t3"."family_name", "t3"."company", "t3"."location", "t3"."maximum_queued_builds_count", "t3"."creation_date", "t3"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t1"."user_id" = "t3"."id") WHERE (("t2"."namespace_user_id" = %s) AND ("t3"."robot" = %s))', [4, False]) gunicorn-web stdout | 2025-11-04 09:06:28,195 [249] [DEBUG] [app] Starting request: urn:request:3144f9b8-e9bc-4cb2-8792-cbb23fe393dc (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,195 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:28,195 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,195 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,196 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,198 [248] [DEBUG] [app] Ending request: urn:request:5cc477c6-b6d0-46fb-8010-167a8246366c (/api/v1/organization/superorg/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:5cc477c6-b6d0-46fb-8010-167a8246366c', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/members', 'path': '/api/v1/organization/superorg/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,198 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:28,198 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['public', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,199 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/superorg/members HTTP/1.0" 200 388 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/superorg/members HTTP/1.1" 200 388 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.042 1697 0.041) gunicorn-web stdout | 2025-11-04 09:06:28,201 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,201 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,201 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,201 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,202 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,202 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,202 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,202 [246] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'quayorg', 1, 3, 1, 'quayorg', 101]) gunicorn-web stdout | 2025-11-04 09:06:28,203 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:28,207 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,207 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,207 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,207 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,208 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,208 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,208 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s, %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [1, 10, None, 1762247188208, False]) gunicorn-web stdout | 2025-11-04 09:06:28,208 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,209 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,209 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,209 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,209 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,209 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,209 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,209 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,210 [247] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'superorg+%']) gunicorn-web stdout | 2025-11-04 09:06:28,213 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:28,213 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:06:28,215 [247] [DEBUG] [app] Ending request: urn:request:1de6343a-71d9-46fe-a65c-266e2679b7d6 (/api/v1/organization/superorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:1de6343a-71d9-46fe-a65c-266e2679b7d6', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/superorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,216 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.028 1725 0.028) gunicorn-web stdout | 2025-11-04 09:06:28,216 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:28,217 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['public', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,217 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s, %s))', [1, 10]) gunicorn-web stdout | 2025-11-04 09:06:28,220 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:06:28,221 [249] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'superorg', 1, 3, 1, 'superorg', 101]) gunicorn-web stdout | 2025-11-04 09:06:28,223 [246] [DEBUG] [app] Ending request: urn:request:d1a42193-ddf2-44dc-a474-d6a2cb5ce427 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:d1a42193-ddf2-44dc-a474-d6a2cb5ce427', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=quayorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'quayorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,224 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.1" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.048 1727 0.048) gunicorn-web stdout | 2025-11-04 09:06:28,224 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.0" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:28,227 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [9, None, 1762247188226, False]) gunicorn-web stdout | 2025-11-04 09:06:28,232 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:06:28,235 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [9]) gunicorn-web stdout | 2025-11-04 09:06:28,239 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:28,243 [249] [DEBUG] [app] Ending request: urn:request:3144f9b8-e9bc-4cb2-8792-cbb23fe393dc (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:3144f9b8-e9bc-4cb2-8792-cbb23fe393dc', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=superorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'superorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,243 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.1" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.050 1728 0.050) gunicorn-web stdout | 2025-11-04 09:06:28,244 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.0" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:28,330 [249] [DEBUG] [app] Starting request: urn:request:ef6e2f0b-4269-4238-9d12-efa50cb50b9b (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,330 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,330 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,331 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) exportactionlogsworker stdout | 2025-11-04 09:06:28,340 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:06:28,340 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:12.342983+00:00 (in 44.002151 seconds) exportactionlogsworker stdout | 2025-11-04 09:06:28,340 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:28 GMT)" (scheduled at 2025-11-04 09:06:28.340417+00:00) exportactionlogsworker stdout | 2025-11-04 09:06:28,341 [66] [DEBUG] [workers.queueworker] Getting work item from queue. exportactionlogsworker stdout | 2025-11-04 09:06:28,341 [66] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 28, 341161), True, datetime.datetime(2025, 11, 4, 9, 6, 28, 341161), 0, 'exportactionlogs/%', 50, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,343 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,344 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,344 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,345 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,348 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,348 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,348 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,348 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,350 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) exportactionlogsworker stdout | 2025-11-04 09:06:28,352 [66] [DEBUG] [workers.queueworker] No more work. exportactionlogsworker stdout | 2025-11-04 09:06:28,352 [66] [DEBUG] [data.database] Disconnecting from database. exportactionlogsworker stdout | 2025-11-04 09:06:28,352 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:28 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:28,355 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,355 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,355 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,355 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,355 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,355 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,355 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,355 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,355 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,356 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,356 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,356 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,356 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,356 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:28,359 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:28,363 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:28,367 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:28,369 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,370 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,370 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,370 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,370 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:28,374 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,377 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:28,380 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,384 [249] [DEBUG] [app] Ending request: urn:request:ef6e2f0b-4269-4238-9d12-efa50cb50b9b (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:ef6e2f0b-4269-4238-9d12-efa50cb50b9b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,384 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.056 1689 0.056) gunicorn-web stdout | 2025-11-04 09:06:28,385 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" expiredappspecifictokenworker stdout | 2025-11-04 09:06:28,425 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:28,449 [249] [DEBUG] [app] Starting request: urn:request:26acfcff-3537-428e-8c85-d755bdfb4e28 (/api/v1/organization/testorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,449 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,449 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,450 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,462 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,462 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,462 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,463 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'testorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,466 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,466 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,466 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,466 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,468 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:28,473 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,473 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,473 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,473 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,473 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,473 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,473 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,473 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,474 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,474 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,474 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,474 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,474 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,474 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [3]) gunicorn-web stdout | 2025-11-04 09:06:28,477 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [2]) gunicorn-web stdout | 2025-11-04 09:06:28,481 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [2]) gunicorn-web stdout | 2025-11-04 09:06:28,483 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,483 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,483 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,484 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,484 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg']) gunicorn-web stdout | 2025-11-04 09:06:28,488 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['testorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,491 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg']) gunicorn-web stdout | 2025-11-04 09:06:28,494 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,497 [249] [DEBUG] [app] Ending request: urn:request:26acfcff-3537-428e-8c85-d755bdfb4e28 (/api/v1/organization/testorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:26acfcff-3537-428e-8c85-d755bdfb4e28', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/testorg', 'path': '/api/v1/organization/testorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,498 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/testorg HTTP/1.1" 200 811 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.050 1688 0.050) gunicorn-web stdout | 2025-11-04 09:06:28,498 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/testorg HTTP/1.0" 200 811 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:28,534 [249] [DEBUG] [app] Starting request: urn:request:5ee1ab47-4b97-4d4e-89ff-a0761b4cfb32 (/api/v1/organization/testorg2) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,535 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,535 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,535 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,546 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,546 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,546 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,547 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'testorg2', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,549 [248] [DEBUG] [app] Starting request: urn:request:36a31fc4-17aa-4e40-be12-8a5bfee48fce (/api/v1/organization/testorg2/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,549 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,549 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,550 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,550 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,551 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,551 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,551 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,553 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:28,558 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,558 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,558 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,558 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,558 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,559 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,559 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,559 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,559 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,559 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,559 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,559 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,560 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,560 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [5]) gunicorn-web stdout | 2025-11-04 09:06:28,561 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,561 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,561 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,561 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,561 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,561 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,561 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,563 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:28,563 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [4]) gunicorn-web stdout | 2025-11-04 09:06:28,567 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [4]) gunicorn-web stdout | 2025-11-04 09:06:28,567 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,567 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,568 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,569 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'testorg2', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,570 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,570 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,570 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,570 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,571 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg2']) gunicorn-web stdout | 2025-11-04 09:06:28,573 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "teammember" AS "t3" INNER JOIN "team" AS "t1" ON ("t3"."team_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t3"."user_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [5]) gunicorn-web stdout | 2025-11-04 09:06:28,575 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['testorg2', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,577 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."namespace_user_id", "t2"."name", "t2"."visibility_id", "t2"."description", "t2"."badge_token", "t2"."kind_id", "t2"."trust_enabled", "t2"."state", "t3"."id", "t3"."uuid", "t3"."username", "t3"."password_hash", "t3"."email", "t3"."verified", "t3"."stripe_id", "t3"."organization", "t3"."robot", "t3"."invoice_email", "t3"."invalid_login_attempts", "t3"."last_invalid_login", "t3"."removed_tag_expiration_s", "t3"."enabled", "t3"."invoice_email_address", "t3"."given_name", "t3"."family_name", "t3"."company", "t3"."location", "t3"."maximum_queued_builds_count", "t3"."creation_date", "t3"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t1"."user_id" = "t3"."id") WHERE (("t2"."namespace_user_id" = %s) AND ("t3"."robot" = %s))', [5, False]) gunicorn-web stdout | 2025-11-04 09:06:28,578 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg2']) gunicorn-web stdout | 2025-11-04 09:06:28,579 [246] [DEBUG] [app] Starting request: urn:request:be3a7921-01f7-4384-80b4-eec6dd4d10da (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,579 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,579 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,580 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,581 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [5, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,581 [248] [DEBUG] [app] Ending request: urn:request:36a31fc4-17aa-4e40-be12-8a5bfee48fce (/api/v1/organization/testorg2/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:36a31fc4-17aa-4e40-be12-8a5bfee48fce', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/testorg2/members', 'path': '/api/v1/organization/testorg2/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,582 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:28,582 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/testorg2/members HTTP/1.0" 200 389 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/testorg2/members HTTP/1.1" 200 389 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.034 1697 0.034) gunicorn-web stdout | 2025-11-04 09:06:28,584 [249] [DEBUG] [app] Ending request: urn:request:5ee1ab47-4b97-4d4e-89ff-a0761b4cfb32 (/api/v1/organization/testorg2) {'endpoint': 'api.organization', 'request_id': 'urn:request:5ee1ab47-4b97-4d4e-89ff-a0761b4cfb32', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/testorg2', 'path': '/api/v1/organization/testorg2', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,585 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/testorg2 HTTP/1.1" 200 814 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1689 0.052) gunicorn-web stdout | 2025-11-04 09:06:28,585 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/testorg2 HTTP/1.0" 200 814 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:28,592 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,592 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,592 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,592 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,592 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,592 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,592 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,593 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,593 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,597 [246] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'testorg2', 1, 3, 1, 'testorg2', 101]) gunicorn-web stdout | 2025-11-04 09:06:28,602 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [8, None, 1762247188602, False]) gunicorn-web stdout | 2025-11-04 09:06:28,607 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:06:28,611 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [8]) gunicorn-web stdout | 2025-11-04 09:06:28,614 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg2']) gunicorn-web stdout | 2025-11-04 09:06:28,617 [246] [DEBUG] [app] Ending request: urn:request:be3a7921-01f7-4384-80b4-eec6dd4d10da (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:be3a7921-01f7-4384-80b4-eec6dd4d10da', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=testorg2&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'testorg2', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,618 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:28,618 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/repository?last_modified=true&namespace=testorg2&public=true HTTP/1.0" 200 254 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/repository?last_modified=true&namespace=testorg2&public=true HTTP/1.1" 200 254 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.041 1728 0.041) gunicorn-web stdout | 2025-11-04 09:06:28,719 [246] [DEBUG] [app] Starting request: urn:request:079159a5-17cb-4519-9b22-984b05fc418e (/api/v1/organization/quay/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,719 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,719 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,719 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,732 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,732 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,732 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,732 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,732 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,732 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,732 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,733 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,737 [246] [DEBUG] [app] Ending request: urn:request:079159a5-17cb-4519-9b22-984b05fc418e (/api/v1/organization/quay/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:079159a5-17cb-4519-9b22-984b05fc418e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quay/members', 'path': '/api/v1/organization/quay/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,737 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:28,738 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/quay/members HTTP/1.0" 404 248 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/quay/members HTTP/1.1" 404 248 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.020 1693 0.020) gunicorn-web stdout | 2025-11-04 09:06:28,834 [246] [DEBUG] [app] Starting request: urn:request:b6f3bfa3-47eb-411f-b640-9c7f44e02549 (/api/v1/organization/quay/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,834 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,834 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,835 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,846 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,846 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,846 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,846 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,846 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,846 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,847 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,847 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,847 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,847 [246] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'quay+%']) gunicorn-web stdout | 2025-11-04 09:06:28,853 [246] [DEBUG] [app] Ending request: urn:request:b6f3bfa3-47eb-411f-b640-9c7f44e02549 (/api/v1/organization/quay/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:b6f3bfa3-47eb-411f-b640-9c7f44e02549', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quay/robots?permissions=true&token=false', 'path': '/api/v1/organization/quay/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,853 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:28,854 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/quay/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/organization/quay/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.022 1721 0.022) gunicorn-web stdout | 2025-11-04 09:06:28,916 [246] [DEBUG] [app] Starting request: urn:request:a9125890-3a12-428b-ae49-10380c6cd706 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:28,917 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,917 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,917 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,929 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:28,929 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:28,930 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,930 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:28,930 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,930 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,930 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:28,930 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:28,931 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:28,935 [246] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'quay', 1, 3, 1, 'quay', 101]) gunicorn-web stdout | 2025-11-04 09:06:28,941 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:06:28,944 [246] [DEBUG] [app] Ending request: urn:request:a9125890-3a12-428b-ae49-10380c6cd706 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:a9125890-3a12-428b-ae49-10380c6cd706', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=quay&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'quay', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:28,945 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/repository?last_modified=true&namespace=quay&public=true HTTP/1.1" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.029 1724 0.030) gunicorn-web stdout | 2025-11-04 09:06:28,945 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:28 +0000] "GET /api/v1/repository?last_modified=true&namespace=quay&public=true HTTP/1.0" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:29,047 [246] [DEBUG] [app] Starting request: urn:request:bd7eaf2b-e355-46d2-a147-c19693f9c394 (/api/v1/organization/testorg2/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:29,047 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:29,047 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:29,048 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:29,059 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:29,059 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:29,059 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:29,059 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:29,059 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,059 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,059 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,060 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:29,065 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,065 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,065 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='testorg2', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='testorg2', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:29,066 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:29,067 [246] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'testorg2+%']) gunicorn-web stdout | 2025-11-04 09:06:29,072 [246] [DEBUG] [app] Ending request: urn:request:bd7eaf2b-e355-46d2-a147-c19693f9c394 (/api/v1/organization/testorg2/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:bd7eaf2b-e355-46d2-a147-c19693f9c394', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/testorg2/robots?permissions=true&token=false', 'path': '/api/v1/organization/testorg2/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:29,072 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:29,073 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:29 +0000] "GET /api/v1/organization/testorg2/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:29 +0000] "GET /api/v1/organization/testorg2/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.027 1725 0.027) notificationworker stdout | 2025-11-04 09:06:29,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:06:29,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:29.157944+00:00 (in 0.001111 seconds) notificationworker stdout | 2025-11-04 09:06:29,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:39 GMT)" (scheduled at 2025-11-04 09:06:29.156372+00:00) notificationworker stdout | 2025-11-04 09:06:29,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:06:29,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 29, 157242), True, datetime.datetime(2025, 11, 4, 9, 6, 29, 157242), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:06:29,158 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:06:29,158 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:39.156372+00:00 (in 9.997601 seconds) notificationworker stdout | 2025-11-04 09:06:29,158 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:29 GMT)" (scheduled at 2025-11-04 09:06:29.157944+00:00) notificationworker stdout | 2025-11-04 09:06:29,159 [78] [DEBUG] [workers.queueworker] Running watchdog. notificationworker stdout | 2025-11-04 09:06:29,159 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:29 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:06:29,169 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:06:29,169 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:06:29,169 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:39 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:06:29,341 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:06:29,545 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:06:30,548 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:06:30,639 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:06:31,398 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:06:31,398 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:06:31,404 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:06:31,643 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:06:31,643 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:31.643382+00:00 (in 59.999522 seconds) quotaregistrysizeworker stdout | 2025-11-04 09:06:31,644 [82] [INFO] [apscheduler.executors.default] Running job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:31 GMT)" (scheduled at 2025-11-04 09:06:31.643382+00:00) quotaregistrysizeworker stdout | 2025-11-04 09:06:31,644 [82] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:06:31,655 [82] [DEBUG] [data.database] Disconnecting from database. quotaregistrysizeworker stdout | 2025-11-04 09:06:31,655 [82] [INFO] [apscheduler.executors.default] Job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:31 GMT)" executed successfully gunicorn-registry stdout | 2025-11-04 09:06:33,665 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:33,669 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:33,758 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:33,760 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:33,764 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:33,767 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:33,769 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:33,771 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:06:33,772 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:06:34,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:06:34,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:44.140529+00:00 (in 9.999503 seconds) proxycacheblobworker stdout | 2025-11-04 09:06:34,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:44 GMT)" (scheduled at 2025-11-04 09:06:34.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:06:34,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:06:34,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 34, 141491), True, datetime.datetime(2025, 11, 4, 9, 6, 34, 141491), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:06:34,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:06:34,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:06:34,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:44 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: gcworker stdout | 2025-11-04 09:06:34,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:06:34,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:55.956600+00:00 (in 21.003777 seconds) gcworker stdout | 2025-11-04 09:06:34,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:04 GMT)" (scheduled at 2025-11-04 09:06:34.952363+00:00) gcworker stdout | 2025-11-04 09:06:34,954 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037594953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:06:34,968 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:06:34,968 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:06:34,968 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:04 GMT)" executed successfully quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:36,007 [246] [DEBUG] [app] Starting request: urn:request:c56e3e62-98dd-4e18-b48e-5057fcc2159d (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:36,007 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:36,007 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:36,007 [248] [DEBUG] [app] Starting request: urn:request:b72ca664-0d05-4eb2-a1fd-aea72836145a (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:36,008 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:36,008 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:36,008 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:36,008 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:36,020 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:36,020 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:36,020 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:36,021 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:36,021 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:36,021 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:36,021 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:36,021 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:36,021 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:36,021 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:36,021 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:36,021 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:36,021 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:36,022 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:36,022 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:36,022 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:36,022 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:36,022 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:36,026 [248] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'testorg2', 1, 3, 1, 'testorg2', 101]) gunicorn-web stdout | 2025-11-04 09:06:36,026 [246] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'testorg', 1, 3, 1, 'testorg', 101]) gunicorn-web stdout | 2025-11-04 09:06:36,032 [248] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [8, None, 1762247196031, False]) gunicorn-web stdout | 2025-11-04 09:06:36,033 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [7, None, 1762247196032, False]) gunicorn-web stdout | 2025-11-04 09:06:36,037 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:06:36,037 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:06:36,041 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [7]) gunicorn-web stdout | 2025-11-04 09:06:36,041 [248] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [8]) gunicorn-web stdout | 2025-11-04 09:06:36,044 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg2']) gunicorn-web stdout | 2025-11-04 09:06:36,045 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg']) gunicorn-web stdout | 2025-11-04 09:06:36,048 [248] [DEBUG] [app] Ending request: urn:request:b72ca664-0d05-4eb2-a1fd-aea72836145a (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:b72ca664-0d05-4eb2-a1fd-aea72836145a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=testorg2&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'testorg2', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:36,048 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:36,049 [246] [DEBUG] [app] Ending request: urn:request:c56e3e62-98dd-4e18-b48e-5057fcc2159d (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:c56e3e62-98dd-4e18-b48e-5057fcc2159d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=testorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'testorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:36,049 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=testorg2&public=true HTTP/1.0" 200 254 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=testorg2&public=true HTTP/1.1" 200 254 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.043 1743 0.043) gunicorn-web stdout | 2025-11-04 09:06:36,049 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=testorg&public=true HTTP/1.1" 200 259 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.044 1742 0.044) gunicorn-web stdout | 2025-11-04 09:06:36,050 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=testorg&public=true HTTP/1.0" 200 259 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" securityworker stdout | 2025-11-04 09:06:37,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:06:37,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:51.254713+00:00 (in 14.001806 seconds) securityworker stdout | 2025-11-04 09:06:37,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:07 GMT)" (scheduled at 2025-11-04 09:06:37.252445+00:00) securityworker stdout | 2025-11-04 09:06:37,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:06:37,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:06:37,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:06:37,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:06:37,268 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stdout | 2025-11-04 09:06:37,269 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:07 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:06:37,447 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:06:37,447 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:07.444700+00:00 (in 29.997347 seconds) namespacegcworker stdout | 2025-11-04 09:06:37,447 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:37 GMT)" (scheduled at 2025-11-04 09:06:37.446883+00:00) namespacegcworker stdout | 2025-11-04 09:06:37,447 [76] [DEBUG] [workers.queueworker] Running watchdog. namespacegcworker stdout | 2025-11-04 09:06:37,447 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:37 GMT)" executed successfully securityworker stdout | 2025-11-04 09:06:37,650 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:06:37,841 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:06:39,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:06:39,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:49.156372+00:00 (in 9.999459 seconds) notificationworker stdout | 2025-11-04 09:06:39,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:49 GMT)" (scheduled at 2025-11-04 09:06:39.156372+00:00) notificationworker stdout | 2025-11-04 09:06:39,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:06:39,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 39, 157298), True, datetime.datetime(2025, 11, 4, 9, 6, 39, 157298), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:06:39,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:06:39,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:06:39,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:49 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:39,517 [247] [DEBUG] [app] Starting request: urn:request:4a06e56e-133d-4397-b770-d14a1a53cd3a (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:06:39,519 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:06:39,521 [257] [DEBUG] [app] Starting request: urn:request:caf1cde0-586f-4273-9764-56ff2c6e5229 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:06:39,522 [257] [DEBUG] [app] Ending request: urn:request:caf1cde0-586f-4273-9764-56ff2c6e5229 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:caf1cde0-586f-4273-9764-56ff2c6e5229', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:06:39,522 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:06:39,522 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:39,524 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:06:39,526 [247] [DEBUG] [app] Starting request: urn:request:10f93fdb-ee99-4fbf-a0a2-1b7d0fd52b93 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:06:39,526 [247] [DEBUG] [app] Ending request: urn:request:10f93fdb-ee99-4fbf-a0a2-1b7d0fd52b93 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:10f93fdb-ee99-4fbf-a0a2-1b7d0fd52b93', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:06:39,527 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:06:39,527 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:39,528 [247] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:06:39,528 [247] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:06:39,528 [247] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:06:39,536 [247] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:06:39,536 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:06:39,547 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:06:39,550 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:06:39,553 [247] [DEBUG] [app] Ending request: urn:request:4a06e56e-133d-4397-b770-d14a1a53cd3a (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:4a06e56e-133d-4397-b770-d14a1a53cd3a', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:06:39,553 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:39,554 [247] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:06:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:06:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.038 118 0.038) gunicorn-web stdout | 2025-11-04 09:06:39,587 [246] [DEBUG] [app] Starting request: urn:request:aed162ac-d4e0-462c-a684-8e12cb6d7148 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:06:39,589 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:06:39,591 [257] [DEBUG] [app] Starting request: urn:request:df898e60-95ce-45bd-840b-61678eccce0f (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:06:39,591 [257] [DEBUG] [app] Ending request: urn:request:df898e60-95ce-45bd-840b-61678eccce0f (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:df898e60-95ce-45bd-840b-61678eccce0f', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:06:39,592 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:06:39,592 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:39,593 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:06:39,594 [247] [DEBUG] [app] Starting request: urn:request:d0c3cfb9-8378-4fe5-89c2-e9d205239d69 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:06:39,595 [247] [DEBUG] [app] Ending request: urn:request:d0c3cfb9-8378-4fe5-89c2-e9d205239d69 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:d0c3cfb9-8378-4fe5-89c2-e9d205239d69', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:06:39,595 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:06:39,595 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:39,596 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:06:39,596 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:06:39,596 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:06:39,603 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:06:39,603 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:06:39,612 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:06:39,615 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:06:39,618 [246] [DEBUG] [app] Ending request: urn:request:aed162ac-d4e0-462c-a684-8e12cb6d7148 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:aed162ac-d4e0-462c-a684-8e12cb6d7148', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:06:39,618 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:39,619 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:06:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:06:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) gunicorn-web stdout | 2025-11-04 09:06:40,920 [249] [DEBUG] [app] Starting request: urn:request:609f5160-dd6f-4733-b79c-56d5f8fe8f71 (/api/v1/superuser/organizations/testorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:40,920 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:40,920 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:40,920 [247] [DEBUG] [app] Starting request: urn:request:38ff2106-ce28-4094-846d-c7f972001d1e (/api/v1/superuser/organizations/testorg2) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:40,920 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:40,920 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:40,921 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:40,921 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:40,933 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:40,933 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:40,933 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:40,933 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:40,933 [247] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:06:40,933 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:40,934 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:40,934 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:40,934 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:40,934 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:40,934 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:40,934 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:40,934 [249] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:06:40,934 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:40,934 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:40,934 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:40,934 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:40,934 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:40,934 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'testorg2', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:40,935 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'testorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:40,938 [247] [DEBUG] [peewee] ('DELETE FROM "queueitem" WHERE ("queueitem"."queue_name" ILIKE %s)', ['dockerfilebuild/testorg2/%']) gunicorn-web stdout | 2025-11-04 09:06:40,938 [249] [DEBUG] [peewee] ('DELETE FROM "queueitem" WHERE ("queueitem"."queue_name" ILIKE %s)', ['dockerfilebuild/testorg/%']) gunicorn-web stdout | 2025-11-04 09:06:40,941 [247] [DEBUG] [peewee] ('DELETE FROM "queueitem" WHERE ("queueitem"."queue_name" ILIKE %s)', ['notification/testorg2/%']) gunicorn-web stdout | 2025-11-04 09:06:40,941 [249] [DEBUG] [peewee] ('DELETE FROM "queueitem" WHERE ("queueitem"."queue_name" ILIKE %s)', ['notification/testorg/%']) gunicorn-web stdout | 2025-11-04 09:06:40,944 [249] [DEBUG] [peewee] ('DELETE FROM "queueitem" WHERE ("queueitem"."queue_name" ILIKE %s)', ['repositorygc/testorg/%']) gunicorn-web stdout | 2025-11-04 09:06:40,944 [247] [DEBUG] [peewee] ('DELETE FROM "queueitem" WHERE ("queueitem"."queue_name" ILIKE %s)', ['repositorygc/testorg2/%']) gunicorn-web stdout | 2025-11-04 09:06:40,947 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" WHERE ("t1"."organization_id" = %s)', [3]) gunicorn-web stdout | 2025-11-04 09:06:40,947 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" WHERE ("t1"."organization_id" = %s)', [5]) gunicorn-web stdout | 2025-11-04 09:06:40,950 [249] [DEBUG] [peewee] ('UPDATE "permissionprototype" SET "delegate_team_id" = %s WHERE ("permissionprototype"."delegate_team_id" = %s)', [None, 2]) gunicorn-web stdout | 2025-11-04 09:06:40,950 [247] [DEBUG] [peewee] ('UPDATE "permissionprototype" SET "delegate_team_id" = %s WHERE ("permissionprototype"."delegate_team_id" = %s)', [None, 4]) gunicorn-web stdout | 2025-11-04 09:06:40,951 [249] [DEBUG] [peewee] ('UPDATE "repositorypermission" SET "team_id" = %s WHERE ("repositorypermission"."team_id" = %s)', [None, 2]) gunicorn-web stdout | 2025-11-04 09:06:40,953 [249] [DEBUG] [peewee] ('DELETE FROM "teamsync" WHERE ("teamsync"."team_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:06:40,953 [247] [DEBUG] [peewee] ('UPDATE "repositorypermission" SET "team_id" = %s WHERE ("repositorypermission"."team_id" = %s)', [None, 4]) gunicorn-web stdout | 2025-11-04 09:06:40,955 [247] [DEBUG] [peewee] ('DELETE FROM "teamsync" WHERE ("teamsync"."team_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:40,955 [249] [DEBUG] [peewee] ('DELETE FROM "teammemberinvite" WHERE ("teammemberinvite"."team_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:06:40,956 [247] [DEBUG] [peewee] ('DELETE FROM "teammemberinvite" WHERE ("teammemberinvite"."team_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:40,956 [249] [DEBUG] [peewee] ('DELETE FROM "teammember" WHERE ("teammember"."team_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:06:40,957 [247] [DEBUG] [peewee] ('DELETE FROM "teammember" WHERE ("teammember"."team_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:40,958 [249] [DEBUG] [peewee] ('DELETE FROM "team" WHERE ("team"."id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:06:40,959 [247] [DEBUG] [peewee] ('DELETE FROM "team" WHERE ("team"."id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:40,963 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."client_id", "t1"."secure_client_secret", "t1"."fully_migrated", "t1"."redirect_uri", "t1"."application_uri", "t1"."organization_id", "t1"."name", "t1"."description", "t1"."gravatar_email" FROM "oauthapplication" AS "t1" WHERE ("t1"."organization_id" = %s)', [3]) gunicorn-web stdout | 2025-11-04 09:06:40,963 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."client_id", "t1"."secure_client_secret", "t1"."fully_migrated", "t1"."redirect_uri", "t1"."application_uri", "t1"."organization_id", "t1"."name", "t1"."description", "t1"."gravatar_email" FROM "oauthapplication" AS "t1" WHERE ("t1"."organization_id" = %s)', [5]) autopruneworker stdout | 2025-11-04 09:06:40,964 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:40,966 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."service_id", "t1"."repository_id", "t1"."connected_user_id", "t1"."secure_auth_token", "t1"."secure_private_key", "t1"."fully_migrated", "t1"."config", "t1"."write_token_id", "t1"."pull_robot_id", "t1"."enabled", "t1"."disabled_reason_id", "t1"."disabled_datetime", "t1"."successive_failure_count", "t1"."successive_internal_error_count" FROM "repositorybuildtrigger" AS "t1" WHERE ("t1"."connected_user_id" = %s)', [3]) gunicorn-web stdout | 2025-11-04 09:06:40,967 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."service_id", "t1"."repository_id", "t1"."connected_user_id", "t1"."secure_auth_token", "t1"."secure_private_key", "t1"."fully_migrated", "t1"."config", "t1"."write_token_id", "t1"."pull_robot_id", "t1"."enabled", "t1"."disabled_reason_id", "t1"."disabled_datetime", "t1"."successive_failure_count", "t1"."successive_internal_error_count" FROM "repositorybuildtrigger" AS "t1" WHERE ("t1"."connected_user_id" = %s)', [5]) gunicorn-web stdout | 2025-11-04 09:06:40,970 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg']) gunicorn-web stdout | 2025-11-04 09:06:40,970 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['testorg2']) gunicorn-web stdout | 2025-11-04 09:06:40,973 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed", "t2"."id", "t2"."robot_account_id", "t2"."token", "t2"."fully_migrated", "t3"."id", "t3"."robot_account_id", "t3"."description", "t3"."unstructured_json" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s))', [True, 'testorg+%']) gunicorn-web stdout | 2025-11-04 09:06:40,974 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed", "t2"."id", "t2"."robot_account_id", "t2"."token", "t2"."fully_migrated", "t3"."id", "t3"."robot_account_id", "t3"."description", "t3"."unstructured_json" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s))', [True, 'testorg2+%']) gunicorn-web stdout | 2025-11-04 09:06:40,976 [247] [DEBUG] [peewee] ('DELETE FROM "repomirrorconfig" WHERE (0 = 1)', []) gunicorn-web stdout | 2025-11-04 09:06:40,976 [249] [DEBUG] [peewee] ('DELETE FROM "repomirrorconfig" WHERE (0 = 1)', []) gunicorn-web stdout | 2025-11-04 09:06:40,979 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed", "t2"."id", "t2"."robot_account_id", "t2"."token", "t2"."fully_migrated", "t3"."id", "t3"."robot_account_id", "t3"."description", "t3"."unstructured_json" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s))', [True, 'testorg2+%']) gunicorn-web stdout | 2025-11-04 09:06:40,980 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed", "t2"."id", "t2"."robot_account_id", "t2"."token", "t2"."fully_migrated", "t3"."id", "t3"."robot_account_id", "t3"."description", "t3"."unstructured_json" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s))', [True, 'testorg+%']) gunicorn-web stdout | 2025-11-04 09:06:40,982 [247] [DEBUG] [peewee] ('UPDATE "servicekeyapproval" SET "approver_id" = %s WHERE ("servicekeyapproval"."approver_id" = %s)', [None, 5]) gunicorn-web stdout | 2025-11-04 09:06:40,983 [249] [DEBUG] [peewee] ('UPDATE "servicekeyapproval" SET "approver_id" = %s WHERE ("servicekeyapproval"."approver_id" = %s)', [None, 3]) gunicorn-web stdout | 2025-11-04 09:06:40,985 [247] [DEBUG] [peewee] ('DELETE FROM "federatedlogin" WHERE ("federatedlogin"."user_id" = %s)', [5]) gunicorn-web stdout | 2025-11-04 09:06:40,986 [249] [DEBUG] [peewee] ('DELETE FROM "federatedlogin" WHERE ("federatedlogin"."user_id" = %s)', [3]) gunicorn-web stdout | 2025-11-04 09:06:40,988 [247] [DEBUG] [peewee] ('DELETE FROM "quotanamespacesize" WHERE ("quotanamespacesize"."namespace_user_id" = %s)', [5]) gunicorn-web stdout | 2025-11-04 09:06:40,990 [249] [DEBUG] [peewee] ('DELETE FROM "quotanamespacesize" WHERE ("quotanamespacesize"."namespace_user_id" = %s)', [3]) gunicorn-web stdout | 2025-11-04 09:06:40,992 [247] [DEBUG] [peewee] ('DELETE FROM "oauthassignedtoken" WHERE ("oauthassignedtoken"."assigned_user_id" = %s)', [5]) gunicorn-web stdout | 2025-11-04 09:06:40,994 [249] [DEBUG] [peewee] ('DELETE FROM "oauthassignedtoken" WHERE ("oauthassignedtoken"."assigned_user_id" = %s)', [3]) gunicorn-web stdout | 2025-11-04 09:06:40,995 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s FOR UPDATE', [5, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:40,997 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s FOR UPDATE', [3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:40,999 [247] [DEBUG] [peewee] ('INSERT INTO "deletednamespace" ("namespace_id", "marked", "original_username", "original_email") VALUES (%s, %s, %s, %s) RETURNING "deletednamespace"."id"', [5, datetime.datetime(2025, 11, 4, 9, 6, 40, 998796), 'testorg2', 'quay+testorg2@quay.com']) gunicorn-web stdout | 2025-11-04 09:06:40,999 [249] [DEBUG] [peewee] ('INSERT INTO "deletednamespace" ("namespace_id", "marked", "original_username", "original_email") VALUES (%s, %s, %s, %s) RETURNING "deletednamespace"."id"', [3, datetime.datetime(2025, 11, 4, 9, 6, 40, 999641), 'testorg', 'quay+testorg@quay.com']) gunicorn-web stdout | 2025-11-04 09:06:41,001 [247] [DEBUG] [peewee] ('UPDATE "user" SET "uuid" = %s, "username" = %s, "password_hash" = %s, "email" = %s, "verified" = %s, "stripe_id" = %s, "organization" = %s, "robot" = %s, "invoice_email" = %s, "invalid_login_attempts" = %s, "last_invalid_login" = %s, "removed_tag_expiration_s" = %s, "enabled" = %s, "invoice_email_address" = %s, "given_name" = %s, "family_name" = %s, "company" = %s, "location" = %s, "maximum_queued_builds_count" = %s, "creation_date" = %s, "last_accessed" = %s WHERE ("user"."id" = %s)', ['ba939be4-0270-4b7b-9bd9-228b56041472', '04617bc0-5074-4229-9551-bb696f9ce5fe', None, '5c9c542f-09a7-4e20-b31f-ede19737bcfd', False, None, True, False, False, 0, datetime.datetime(2025, 11, 4, 8, 26, 14, 428918), 1209600, False, None, None, None, None, None, None, datetime.datetime(2025, 11, 4, 8, 26, 14, 428922), None, 5]) gunicorn-web stdout | 2025-11-04 09:06:41,001 [249] [DEBUG] [peewee] ('UPDATE "user" SET "uuid" = %s, "username" = %s, "password_hash" = %s, "email" = %s, "verified" = %s, "stripe_id" = %s, "organization" = %s, "robot" = %s, "invoice_email" = %s, "invalid_login_attempts" = %s, "last_invalid_login" = %s, "removed_tag_expiration_s" = %s, "enabled" = %s, "invoice_email_address" = %s, "given_name" = %s, "family_name" = %s, "company" = %s, "location" = %s, "maximum_queued_builds_count" = %s, "creation_date" = %s, "last_accessed" = %s WHERE ("user"."id" = %s)', ['d2486bf7-8a8d-4240-8d84-507895b179f4', '95595bdd-7ef2-4730-9b0a-15a675d82fb0', None, '0351b5db-50dd-4d38-8a63-c5c0c6e4173d', False, None, True, False, False, 0, datetime.datetime(2025, 11, 4, 8, 25, 28, 724797), 1209600, False, None, None, None, None, None, None, datetime.datetime(2025, 11, 4, 8, 25, 28, 724802), None, 3]) gunicorn-web stdout | 2025-11-04 09:06:41,004 [247] [DEBUG] [peewee] ('INSERT INTO "queueitem" ("queue_name", "body", "available_after", "available", "retries_remaining", "state_id") VALUES (%s, %s, %s, %s, %s, %s) RETURNING "queueitem"."id"', ['namespacegc/5/', '{"marker_id": 1, "original_username": "testorg2"}', datetime.datetime(2025, 11, 4, 9, 6, 41, 4669), True, 5, '1a57b541-615f-4839-9c24-d8c436737a5f']) gunicorn-web stdout | 2025-11-04 09:06:41,006 [249] [DEBUG] [peewee] ('INSERT INTO "queueitem" ("queue_name", "body", "available_after", "available", "retries_remaining", "state_id") VALUES (%s, %s, %s, %s, %s, %s) RETURNING "queueitem"."id"', ['namespacegc/3/', '{"marker_id": 2, "original_username": "testorg"}', datetime.datetime(2025, 11, 4, 9, 6, 41, 6181), True, 5, '38a9df49-4d32-416e-901c-c63402820458']) gunicorn-web stdout | 2025-11-04 09:06:41,009 [247] [DEBUG] [peewee] ('UPDATE "deletednamespace" SET "namespace_id" = %s, "marked" = %s, "original_username" = %s, "original_email" = %s, "queue_id" = %s WHERE ("deletednamespace"."id" = %s)', [5, datetime.datetime(2025, 11, 4, 9, 6, 40, 998796), 'testorg2', 'quay+testorg2@quay.com', '1', 1]) gunicorn-web stdout | 2025-11-04 09:06:41,011 [249] [DEBUG] [peewee] ('UPDATE "deletednamespace" SET "namespace_id" = %s, "marked" = %s, "original_username" = %s, "original_email" = %s, "queue_id" = %s WHERE ("deletednamespace"."id" = %s)', [3, datetime.datetime(2025, 11, 4, 9, 6, 40, 999641), 'testorg', 'quay+testorg@quay.com', '2', 2]) gunicorn-web stdout | 2025-11-04 09:06:41,014 [247] [DEBUG] [app] Ending request: urn:request:38ff2106-ce28-4094-846d-c7f972001d1e (/api/v1/superuser/organizations/testorg2) {'endpoint': 'api.superuserorganizationmanagement', 'request_id': 'urn:request:38ff2106-ce28-4094-846d-c7f972001d1e', 'remote_addr': '10.131.0.44', 'http_method': 'DELETE', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/organizations/testorg2', 'path': '/api/v1/superuser/organizations/testorg2', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:41,014 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:41,014 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:41 +0000] "DELETE /api/v1/superuser/organizations/testorg2 HTTP/1.0" 204 0 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:41 +0000] "DELETE /api/v1/superuser/organizations/testorg2 HTTP/1.1" 204 0 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.095 1823 0.095) gunicorn-web stdout | 2025-11-04 09:06:41,015 [249] [DEBUG] [app] Ending request: urn:request:609f5160-dd6f-4733-b79c-56d5f8fe8f71 (/api/v1/superuser/organizations/testorg) {'endpoint': 'api.superuserorganizationmanagement', 'request_id': 'urn:request:609f5160-dd6f-4733-b79c-56d5f8fe8f71', 'remote_addr': '10.131.0.44', 'http_method': 'DELETE', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/organizations/testorg', 'path': '/api/v1/superuser/organizations/testorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:41,015 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:41,016 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:41 +0000] "DELETE /api/v1/superuser/organizations/testorg HTTP/1.0" 204 0 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:41 +0000] "DELETE /api/v1/superuser/organizations/testorg HTTP/1.1" 204 0 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.097 1822 0.096) gunicorn-web stdout | 2025-11-04 09:06:41,357 [246] [DEBUG] [app] Starting request: urn:request:0d3022b5-fe51-4797-812e-c0d9a6c34b49 (/api/v1/user/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:41,357 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,357 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,358 [249] [DEBUG] [app] Starting request: urn:request:e4edfe94-0b46-4206-9f4c-7939fd868f79 (/api/v1/superuser/organizations/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:41,358 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:41,358 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,358 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,359 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:41,370 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:41,370 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:41,370 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,371 [249] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:06:41,371 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:41,371 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,371 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,371 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,371 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:41,371 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,371 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,371 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:41,371 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,371 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,371 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,372 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,372 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [True, False]) gunicorn-web stdout | 2025-11-04 09:06:41,372 [246] [DEBUG] [peewee] ('SELECT DISTINCT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" INNER JOIN "team" AS "t2" ON ("t2"."organization_id" = "t1"."id") INNER JOIN "teammember" AS "t3" ON ("t3"."team_id" = "t2"."id") INNER JOIN "user" AS "t4" ON ("t4"."id" = "t3"."user_id") WHERE (("t1"."organization" = %s) AND ("t4"."username" = %s))', [True, 'quay']) gunicorn-web stdout | 2025-11-04 09:06:41,376 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:06:41,377 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,378 [246] [DEBUG] [peewee] ('SELECT "t1"."service_ident", "t2"."name", "t1"."metadata_json" FROM "federatedlogin" AS "t1" INNER JOIN "loginservice" AS "t2" ON ("t1"."service_id" = "t2"."id") WHERE (("t2"."name" != %s) AND ("t1"."user_id" = %s))', ['quayrobot', 1]) gunicorn-web stdout | 2025-11-04 09:06:41,379 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:41,381 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."kind_id" FROM "userprompt" AS "t1" INNER JOIN "userpromptkind" AS "t2" ON ("t1"."kind_id" = "t2"."id") WHERE ("t1"."user_id" = %s)', [1]) gunicorn-web stdout | 2025-11-04 09:06:41,383 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:41,385 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:41,387 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:06:41,388 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:41,391 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:41,393 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:41,395 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:41,396 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:41,398 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:41,399 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:41,401 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:41,402 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,403 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,405 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:41,405 [249] [DEBUG] [app] Ending request: urn:request:e4edfe94-0b46-4206-9f4c-7939fd868f79 (/api/v1/superuser/organizations/) {'endpoint': 'api.superuserorganizationlist', 'request_id': 'urn:request:e4edfe94-0b46-4206-9f4c-7939fd868f79', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/organizations/', 'path': '/api/v1/superuser/organizations/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:41,405 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:41,406 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:41 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.0" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:41 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.1" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.049 1692 0.049) gunicorn-web stdout | 2025-11-04 09:06:41,408 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,409 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:41,410 [246] [DEBUG] [app] Ending request: urn:request:0d3022b5-fe51-4797-812e-c0d9a6c34b49 (/api/v1/user/) {'endpoint': 'api.user', 'request_id': 'urn:request:0d3022b5-fe51-4797-812e-c0d9a6c34b49', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/user/', 'path': '/api/v1/user/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:41,410 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:41 +0000] "GET /api/v1/user/ HTTP/1.1" 200 1229 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1673 0.054) gunicorn-web stdout | 2025-11-04 09:06:41,411 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:41 +0000] "GET /api/v1/user/ HTTP/1.0" 200 1229 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:42,108 [246] [DEBUG] [app] Starting request: urn:request:d9d88f50-c9bf-4e50-aafa-9344bc38d917 (/api/v1/superuser/users/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:42,109 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:42,109 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:42,109 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:42,122 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:42,122 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:42,122 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:42,123 [246] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:06:42,123 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:42,123 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:42,123 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:42,123 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:42,123 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:42,124 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [False, False]) gunicorn-web stdout | 2025-11-04 09:06:42,128 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:42,132 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:42,135 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:42,139 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:42,142 [246] [DEBUG] [app] Ending request: urn:request:d9d88f50-c9bf-4e50-aafa-9344bc38d917 (/api/v1/superuser/users/) {'endpoint': 'api.superuserlist', 'request_id': 'urn:request:d9d88f50-c9bf-4e50-aafa-9344bc38d917', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/users/', 'path': '/api/v1/superuser/users/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:42,142 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:42,143 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:42 +0000] "GET /api/v1/superuser/users/ HTTP/1.0" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:42 +0000] "GET /api/v1/superuser/users/ HTTP/1.1" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.036 1684 0.036) manifestsubjectbackfillworker stdout | 2025-11-04 09:06:42,156 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:06:42,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:06:42,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:12.952336+00:00 (in 29.999547 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:06:42,952 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:12 GMT)" (scheduled at 2025-11-04 09:06:42.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:06:42,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:06:42,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:06:42,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:12 GMT)" executed successfully gcworker stdout | 2025-11-04 09:06:43,468 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:06:44,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:06:44,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:54.140529+00:00 (in 9.999438 seconds) proxycacheblobworker stdout | 2025-11-04 09:06:44,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:54 GMT)" (scheduled at 2025-11-04 09:06:44.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:06:44,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:06:44,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 44, 141377), True, datetime.datetime(2025, 11, 4, 9, 6, 44, 141377), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:06:44,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:06:44,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:06:44,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:54 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:06:46,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:06:46,131 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:16.130127+00:00 (in 29.998902 seconds) autopruneworker stdout | 2025-11-04 09:06:46,131 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:16 GMT)" (scheduled at 2025-11-04 09:06:46.130127+00:00) autopruneworker stdout | 2025-11-04 09:06:46,139 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243606139, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:06:46,144 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:06:46,144 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:06:46,144 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:16 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:06:46,157 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:46,408 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:46,410 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:46,437 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:46,454 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:46,464 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:47,200 [246] [DEBUG] [app] Starting request: urn:request:06576518-5003-4465-bd31-0b22446a64ca (/api/v1/organization/superorg/quota) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,200 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,200 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,201 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,209 [248] [DEBUG] [app] Starting request: urn:request:323a5586-4e56-4365-a37a-133fb2c96940 (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,209 [249] [DEBUG] [app] Starting request: urn:request:fccadfea-0e86-402b-aeb5-01d3b560a36e (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,210 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,210 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,210 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,210 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,210 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,210 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,213 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,213 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,213 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,213 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,214 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,214 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,214 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,215 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:47,220 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,220 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,220 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,220 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,220 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,220 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,220 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,221 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,221 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,221 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,221 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,221 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,221 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,221 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,222 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,222 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,222 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,222 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,222 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,222 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,223 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,224 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:47,225 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,226 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,226 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,226 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,227 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:47,228 [246] [DEBUG] [app] Ending request: urn:request:06576518-5003-4465-bd31-0b22446a64ca (/api/v1/organization/superorg/quota) {'endpoint': 'api.organizationquotalist', 'request_id': 'urn:request:06576518-5003-4465-bd31-0b22446a64ca', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/quota', 'path': '/api/v1/organization/superorg/quota', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:47,228 [249] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'superorg', 1, 3, 1, 'superorg', 101]) gunicorn-web stdout | 2025-11-04 09:06:47,229 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg/quota HTTP/1.1" 200 3 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.031 1719 0.031) gunicorn-web stdout | 2025-11-04 09:06:47,229 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg/quota HTTP/1.0" 200 3 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:47,232 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,232 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,232 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,232 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,232 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,232 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,232 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,233 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:47,234 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [9, None, 1762247207234, False]) gunicorn-web stdout | 2025-11-04 09:06:47,236 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:47,238 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:06:47,239 [248] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:47,242 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [9]) gunicorn-web stdout | 2025-11-04 09:06:47,243 [248] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:47,245 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:47,246 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,246 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,246 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,246 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,246 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:47,248 [249] [DEBUG] [app] Ending request: urn:request:fccadfea-0e86-402b-aeb5-01d3b560a36e (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:fccadfea-0e86-402b-aeb5-01d3b560a36e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=superorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'superorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:47,249 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:47,250 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.0" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.1" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.042 1752 0.042) gunicorn-web stdout | 2025-11-04 09:06:47,251 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,254 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:47,257 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,260 [248] [DEBUG] [app] Ending request: urn:request:323a5586-4e56-4365-a37a-133fb2c96940 (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:323a5586-4e56-4365-a37a-133fb2c96940', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:47,261 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:47,261 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.053 1713 0.053) gunicorn-web stdout | 2025-11-04 09:06:47,567 [249] [DEBUG] [app] Starting request: urn:request:2cf99ced-612d-429b-b22a-fdd890fef3ea (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,567 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,567 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,568 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,580 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,580 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,580 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,581 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,584 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,584 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,584 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,584 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,585 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:47,590 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,590 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,590 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,591 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,591 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,591 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,591 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,591 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:47,594 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:47,595 [248] [DEBUG] [app] Starting request: urn:request:16b2153f-0a3b-4b2d-84e8-6d10ca0c078e (/api/v1/organization/superorg/applications) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,595 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,595 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,596 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,597 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:47,600 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,600 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,600 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,600 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,601 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:47,604 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,607 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:47,609 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,609 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,610 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,610 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,610 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,610 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,610 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,610 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,612 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:47,614 [249] [DEBUG] [app] Ending request: urn:request:2cf99ced-612d-429b-b22a-fdd890fef3ea (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:2cf99ced-612d-429b-b22a-fdd890fef3ea', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:47,614 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:47,615 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.049 1713 0.049) gunicorn-web stdout | 2025-11-04 09:06:47,616 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,616 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,616 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,616 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,616 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,616 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,616 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,617 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,620 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."client_id", "t1"."secure_client_secret", "t1"."fully_migrated", "t1"."redirect_uri", "t1"."application_uri", "t1"."organization_id", "t1"."name", "t1"."description", "t1"."gravatar_email" FROM "oauthapplication" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:47,624 [248] [DEBUG] [app] Ending request: urn:request:16b2153f-0a3b-4b2d-84e8-6d10ca0c078e (/api/v1/organization/superorg/applications) {'endpoint': 'api.organizationapplications', 'request_id': 'urn:request:16b2153f-0a3b-4b2d-84e8-6d10ca0c078e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/applications', 'path': '/api/v1/organization/superorg/applications', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:47,624 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:47,624 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg/applications HTTP/1.0" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg/applications HTTP/1.1" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.030 1726 0.030) gunicorn-web stdout | 2025-11-04 09:06:47,758 [249] [DEBUG] [app] Starting request: urn:request:e83e6d2f-38e2-4c19-a1d4-07135b02afa4 (/api/v1/organization/superorg/aggregatelogs) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,759 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,759 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,759 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,772 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,772 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,772 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,773 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,773 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,773 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,773 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,775 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:47,780 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,781 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,781 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,781 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,781 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,781 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,781 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,782 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,786 [249] [DEBUG] [peewee] ('SELECT "t1"."kind_id", EXTRACT(%s FROM "t1"."datetime") AS "day", Count("t1"."id") AS "count" FROM "logentry3" AS "t1" WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) GROUP BY EXTRACT(%s FROM "t1"."datetime"), "t1"."kind_id"', ['day', datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 4, 'day']) gunicorn-web stdout | 2025-11-04 09:06:47,790 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,793 [249] [DEBUG] [peewee] ('SELECT "t1"."kind_id", EXTRACT(%s FROM "t1"."datetime") AS "day", Count("t1"."id") AS "count" FROM "logentry2" AS "t1" WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) GROUP BY EXTRACT(%s FROM "t1"."datetime"), "t1"."kind_id"', ['day', datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 4, 'day']) gunicorn-web stdout | 2025-11-04 09:06:47,797 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,801 [249] [DEBUG] [peewee] ('SELECT "t1"."kind_id", EXTRACT(%s FROM "t1"."datetime") AS "day", Count("t1"."id") AS "count" FROM "logentry" AS "t1" WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) GROUP BY EXTRACT(%s FROM "t1"."datetime"), "t1"."kind_id"', ['day', datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 4, 'day']) gunicorn-web stdout | 2025-11-04 09:06:47,804 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "logentrykind" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:47,811 [249] [DEBUG] [app] Ending request: urn:request:e83e6d2f-38e2-4c19-a1d4-07135b02afa4 (/api/v1/organization/superorg/aggregatelogs) {'endpoint': 'api.orgaggregatelogs', 'request_id': 'urn:request:e83e6d2f-38e2-4c19-a1d4-07135b02afa4', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/aggregatelogs?starttime=10/05/2025&endtime=11/04/2025', 'path': '/api/v1/organization/superorg/aggregatelogs', 'parameters': {'starttime': '10/05/2025', 'endtime': '11/04/2025'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:47,811 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:47,812 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg/aggregatelogs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025 HTTP/1.0" 200 359 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:47 +0000] "GET /api/v1/organization/superorg/aggregatelogs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025 HTTP/1.1" 200 359 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1775 0.055) gunicorn-web stdout | 2025-11-04 09:06:47,965 [248] [DEBUG] [app] Starting request: urn:request:91dc88d5-20e7-4ba3-a6c7-b5a71bee3fe8 (/api/v1/superuser/organizations/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,966 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,966 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,966 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,971 [247] [DEBUG] [app] Starting request: urn:request:8a617c3f-f5df-4bdf-ae64-8679d054f333 (/api/v1/superuser/users/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,971 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,971 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,972 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,973 [246] [DEBUG] [app] Starting request: urn:request:e526ac36-4ae1-468d-b28d-9a2f73e6fbe1 (/api/v1/organization/superorg/logs) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,973 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,973 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,974 [249] [DEBUG] [app] Starting request: urn:request:97eeeb6b-d5d2-4902-9e0a-7e57648205b3 (/api/v1/organization/superorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:47,974 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,974 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,974 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,975 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,980 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,981 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,981 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,981 [248] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:06:47,981 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,981 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,981 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,981 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,981 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,982 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [True, False]) gunicorn-web stdout | 2025-11-04 09:06:47,985 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,985 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,985 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,985 [247] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:06:47,985 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,985 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,985 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,985 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,985 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,986 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,986 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,986 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,986 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,986 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:06:47,986 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,986 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,986 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,987 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:47,987 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [False, False]) gunicorn-web stdout | 2025-11-04 09:06:47,987 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:47,987 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,987 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,987 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,987 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,987 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,988 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:47,989 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:47,990 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:47,990 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:47,993 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,993 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,993 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,993 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,993 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,993 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,993 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,993 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,993 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,993 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,994 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,994 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,994 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,994 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:47,994 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,994 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:47,994 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:47,994 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,994 [249] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'superorg+%']) gunicorn-web stdout | 2025-11-04 09:06:47,996 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:47,997 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:06:47,998 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:06:47,999 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."kind_id", "t1"."account_id", "t1"."performer_id", "t1"."repository_id", "t1"."datetime", "t1"."ip", "t1"."metadata_json", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "logentry3" AS "t1" LEFT OUTER JOIN "user" AS "t2" ON ("t2"."id" = "t1"."performer_id") WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) ORDER BY "t1"."datetime" DESC LIMIT %s', [datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 4, 21]) gunicorn-web stdout | 2025-11-04 09:06:48,000 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,001 [249] [DEBUG] [app] Ending request: urn:request:97eeeb6b-d5d2-4902-9e0a-7e57648205b3 (/api/v1/organization/superorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:97eeeb6b-d5d2-4902-9e0a-7e57648205b3', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/superorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:48,001 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,001 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:48,002 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.029 1749 0.029) gunicorn-web stdout | 2025-11-04 09:06:48,003 [249] [DEBUG] [app] Starting request: urn:request:1cd928e9-910b-423b-91ab-f4ada41d913e (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:48,003 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,003 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,004 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,004 [247] [DEBUG] [app] Ending request: urn:request:8a617c3f-f5df-4bdf-ae64-8679d054f333 (/api/v1/superuser/users/) {'endpoint': 'api.superuserlist', 'request_id': 'urn:request:8a617c3f-f5df-4bdf-ae64-8679d054f333', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/users/', 'path': '/api/v1/superuser/users/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:48,004 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:48,004 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,005 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/superuser/users/ HTTP/1.0" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/superuser/users/ HTTP/1.1" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.034 1708 0.034) gunicorn-web stdout | 2025-11-04 09:06:48,006 [247] [DEBUG] [app] Starting request: urn:request:0bf2c508-5573-4680-9fe8-b1ec5f97a202 (/api/v1/organization/superorg/prototypes) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:48,006 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,006 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,006 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,007 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:48,008 [246] [DEBUG] [app] Ending request: urn:request:e526ac36-4ae1-468d-b28d-9a2f73e6fbe1 (/api/v1/organization/superorg/logs) {'endpoint': 'api.orglogs', 'request_id': 'urn:request:e526ac36-4ae1-468d-b28d-9a2f73e6fbe1', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/logs?starttime=10/05/2025&endtime=11/04/2025&next_page=', 'path': '/api/v1/organization/superorg/logs', 'parameters': {'starttime': '10/05/2025', 'endtime': '11/04/2025', 'next_page': ''}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:48,009 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:48,009 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg/logs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025&next_page= HTTP/1.0" 200 4127 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg/logs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025&next_page= HTTP/1.1" 200 4127 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.037 1777 0.037) gunicorn-web stdout | 2025-11-04 09:06:48,011 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,015 [248] [DEBUG] [app] Ending request: urn:request:91dc88d5-20e7-4ba3-a6c7-b5a71bee3fe8 (/api/v1/superuser/organizations/) {'endpoint': 'api.superuserorganizationlist', 'request_id': 'urn:request:91dc88d5-20e7-4ba3-a6c7-b5a71bee3fe8', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/organizations/', 'path': '/api/v1/superuser/organizations/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:48,015 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:48,015 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:48,015 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,015 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.1" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1716 0.052) gunicorn-web stdout | 2025-11-04 09:06:48,016 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.0" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:48,016 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,017 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:48,017 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:48,017 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,017 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,017 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,017 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,018 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,019 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:48,020 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,020 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,020 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,020 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,022 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:48,024 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,024 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,024 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,024 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,024 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,024 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,024 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:48,024 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,026 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,026 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,026 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,026 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,026 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,026 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,026 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:48,027 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:48,029 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."org_id", "t1"."uuid", "t1"."activating_user_id", "t1"."delegate_user_id", "t1"."delegate_team_id", "t1"."role_id" FROM "permissionprototype" AS "t1" LEFT OUTER JOIN "user" AS "t2" ON ("t2"."id" = "t1"."activating_user_id") LEFT OUTER JOIN "user" AS "t3" ON ("t3"."id" = "t1"."delegate_user_id") LEFT OUTER JOIN "team" AS "t4" ON ("t4"."id" = "t1"."delegate_team_id") LEFT OUTER JOIN "role" AS "t5" ON ("t5"."id" = "t1"."role_id") WHERE ("t1"."org_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:48,030 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:48,032 [247] [DEBUG] [app] Ending request: urn:request:0bf2c508-5573-4680-9fe8-b1ec5f97a202 (/api/v1/organization/superorg/prototypes) {'endpoint': 'api.permissionprototypelist', 'request_id': 'urn:request:0bf2c508-5573-4680-9fe8-b1ec5f97a202', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/prototypes', 'path': '/api/v1/organization/superorg/prototypes', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:48,033 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg/prototypes HTTP/1.1" 200 19 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.060 1724 0.060) gunicorn-web stdout | 2025-11-04 09:06:48,033 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:48,033 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg/prototypes HTTP/1.0" 200 19 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:48,036 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,036 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,036 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,036 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,037 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:48,040 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,044 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:48,047 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,050 [249] [DEBUG] [app] Ending request: urn:request:1cd928e9-910b-423b-91ab-f4ada41d913e (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:1cd928e9-910b-423b-91ab-f4ada41d913e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:48,051 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:48,051 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.078 1713 0.078) exportactionlogsworker stdout | 2025-11-04 09:06:48,739 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:48,755 [246] [DEBUG] [app] Starting request: urn:request:6b13d280-4bfb-4235-bb23-bb55229598cc (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:48,755 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,755 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,756 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,761 [247] [DEBUG] [app] Starting request: urn:request:54ca82ff-fecf-453e-8e91-4cad53d9d61e (/api/v1/repository/superorg/repo1) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:48,761 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,761 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,762 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,767 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:48,768 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:48,768 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,769 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,772 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,772 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,772 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,772 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,773 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:48,773 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:48,773 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,773 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:48,774 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:06:48,776 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,776 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,776 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,776 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,777 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:48,780 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,780 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,780 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,780 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,780 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,780 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,780 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:06:48,781 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:06:48,782 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:48,784 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:48,784 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:48,788 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:06:48,789 [247] [DEBUG] [endpoints.api.repository] Get repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:48,790 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,791 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,791 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,791 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,791 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,792 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:48,793 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."repository_id", "t1"."created" FROM "star" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."user_id" = %s)) LIMIT %s OFFSET %s', [9, 1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,795 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,798 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['public', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,798 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:06:48,801 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:48,801 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:48,805 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."count", "t1"."date" FROM "repositoryactioncount" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."date" >= %s))', [9, datetime.date(2025, 8, 4)]) gunicorn-web stdout | 2025-11-04 09:06:48,805 [246] [DEBUG] [app] Ending request: urn:request:6b13d280-4bfb-4235-bb23-bb55229598cc (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:6b13d280-4bfb-4235-bb23-bb55229598cc', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:48,806 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.053 1717 0.053) gunicorn-web stdout | 2025-11-04 09:06:48,807 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:48,808 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,809 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:48,810 [247] [DEBUG] [app] Ending request: urn:request:54ca82ff-fecf-453e-8e91-4cad53d9d61e (/api/v1/repository/superorg/repo1) {'endpoint': 'api.repository', 'request_id': 'urn:request:54ca82ff-fecf-453e-8e91-4cad53d9d61e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1?includeStats=true&includeTags=false', 'path': '/api/v1/repository/superorg/repo1', 'parameters': {'includeStats': 'true', 'includeTags': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:48,810 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/repository/superorg/repo1?includeStats=true&includeTags=false HTTP/1.1" 200 3588 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.056 1757 0.056) gunicorn-web stdout | 2025-11-04 09:06:48,810 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:48 +0000] "GET /api/v1/repository/superorg/repo1?includeStats=true&includeTags=false HTTP/1.0" 200 3588 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" notificationworker stdout | 2025-11-04 09:06:49,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:06:49,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:06:59.156372+00:00 (in 9.999544 seconds) notificationworker stdout | 2025-11-04 09:06:49,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:59 GMT)" (scheduled at 2025-11-04 09:06:49.156372+00:00) notificationworker stdout | 2025-11-04 09:06:49,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:06:49,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 49, 157140), True, datetime.datetime(2025, 11, 4, 9, 6, 49, 157140), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:06:49,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:06:49,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:06:49,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:06:59 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:06:49,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:06:49,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:19.635986+00:00 (in 29.999237 seconds) buildlogsarchiver stdout | 2025-11-04 09:06:49,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:19 GMT)" (scheduled at 2025-11-04 09:06:49.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:06:49,638 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 6, 49, 637537), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:06:49,649 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:06:49,649 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:06:49,650 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:19 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:50,283 [246] [DEBUG] [app] Starting request: urn:request:3164cf66-30f3-4b47-b12f-529d9ffb3451 (/api/v1/repository/superorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:50,283 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:50,283 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:50,284 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,297 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:50,297 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:50,297 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:50,297 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:50,298 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:50,298 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:50,298 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:50,298 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:50,300 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:50,305 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:50,306 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:50,313 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,317 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,320 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,323 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,327 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE ((("t1"."repository_id" = %s) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [9, None, 1762247210326, False, 101, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,331 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "mediatype" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:50,335 [246] [DEBUG] [app] Ending request: urn:request:3164cf66-30f3-4b47-b12f-529d9ffb3451 (/api/v1/repository/superorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:3164cf66-30f3-4b47-b12f-529d9ffb3451', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true', 'path': '/api/v1/repository/superorg/repo1/tag/', 'parameters': {'limit': '100', 'page': '1', 'onlyActiveTags': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:50,336 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:50 +0000] "GET /api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.1" 200 295 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.060 1772 0.060) gunicorn-web stdout | 2025-11-04 09:06:50,336 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:50 +0000] "GET /api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.0" 200 295 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:50,674 [246] [DEBUG] [app] Starting request: urn:request:c43b0d9d-785e-4daa-b986-c76338a28ed2 (/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:50,674 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:50,675 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:50,675 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,688 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:50,688 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:50,688 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:50,688 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:50,688 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:50,688 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:50,688 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:50,688 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:50,690 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:50,696 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:50,697 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:50,703 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,707 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,712 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,715 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,719 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', None, 1762247210719, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:50,724 [246] [DEBUG] [app] Ending request: urn:request:c43b0d9d-785e-4daa-b986-c76338a28ed2 (/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:c43b0d9d-785e-4daa-b986-c76338a28ed2', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', 'parameters': {'include_modelcard': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:50,725 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:50,725 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:50 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true HTTP/1.0" 200 2735 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:50 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true HTTP/1.1" 200 2735 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1819 0.053) pullstatsredisflushworker stdout | 2025-11-04 09:06:50,950 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:06:51,065 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:06:51,065 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:27.063966+00:00 (in 35.998112 seconds) repositorygcworker stdout | 2025-11-04 09:06:51,066 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:51 GMT)" (scheduled at 2025-11-04 09:06:51.065407+00:00) repositorygcworker stdout | 2025-11-04 09:06:51,066 [86] [DEBUG] [workers.queueworker] Running watchdog. repositorygcworker stdout | 2025-11-04 09:06:51,066 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:07:51 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:51,089 [246] [DEBUG] [app] Starting request: urn:request:cf4865fd-1d8c-4c0e-8693-7c0809e27d66 (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:51,089 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,089 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,090 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,091 [247] [DEBUG] [app] Starting request: urn:request:7e925ca0-06d9-405b-a31f-2e9a76b74e53 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:51,091 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,091 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,092 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,092 [248] [DEBUG] [app] Starting request: urn:request:a0ac15ba-5fee-4bc1-950d-089d7496b9e6 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:51,092 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,092 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,093 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,095 [249] [DEBUG] [app] Starting request: urn:request:7912ad96-f145-42dd-b306-7978f9380e8f (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:51,095 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,095 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,096 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,102 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:51,102 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:51,102 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,103 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:51,103 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,103 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,103 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,103 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,104 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,108 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:51,108 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:51,108 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,109 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:51,109 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,109 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,109 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,109 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,109 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:51,109 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:51,109 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,109 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,110 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:51,110 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,110 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,110 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,110 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,110 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,111 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:51,111 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:51,111 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,111 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,111 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:51,111 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,111 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,111 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,111 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,111 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,113 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,116 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,117 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,117 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,118 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,118 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,118 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,119 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,122 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,125 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,125 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,125 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,127 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,128 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,130 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,130 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,132 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,132 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,133 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,134 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,135 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,136 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [32, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,136 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,137 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,138 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,139 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d gunicorn-web stdout | 2025-11-04 09:06:51,140 [246] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d; calling loader gunicorn-web stdout | 2025-11-04 09:06:51,140 [246] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:51,140 [246] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d gunicorn-web stdout | 2025-11-04 09:06:51,140 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', None, 1762247211140, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,141 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,142 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,143 [246] [DEBUG] [app] Starting request: urn:request:f338bad7-d9be-4bf5-90c3-781238e842e5 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:51,143 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,143 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,143 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,145 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "mediatype" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:51,146 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', None, 1762247211145, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,146 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "mediatype" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:51,149 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [34, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,150 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "mediatype" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:51,150 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [33, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,152 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc gunicorn-web stdout | 2025-11-04 09:06:51,153 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 gunicorn-web stdout | 2025-11-04 09:06:51,154 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [31, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,154 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:51,154 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:51,154 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,154 [247] [DEBUG] [app] Starting request: urn:request:0743af9f-3dfc-415a-b52c-2162aa187453 (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:51,154 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:51,154 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,154 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,155 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,155 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,155 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,155 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,155 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,156 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,158 [248] [DEBUG] [app] Starting request: urn:request:96071006-16c1-4418-824c-e84705cdcdbd (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:51,159 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,159 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,159 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,161 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,162 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,163 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,167 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:51,167 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:51,167 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,167 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:51,167 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,167 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,167 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,167 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,168 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,168 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['a6a852be-a247-44ea-b069-5dde2d0c82f9']) gunicorn-web stdout | 2025-11-04 09:06:51,168 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,170 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:51,170 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:51,170 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,171 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:51,171 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,171 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,171 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,171 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,171 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "imagestoragelocation" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:51,172 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,173 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,175 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,176 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,177 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,178 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,178 [249] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/endpoints.json gunicorn-web stdout | 2025-11-04 09:06:51,179 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,181 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,184 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,185 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,186 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', None, 1762247211185, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,188 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,191 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,192 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', None, 1762247211192, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,193 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,194 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,197 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [33, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,197 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,197 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,201 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', None, 1762247211200, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,201 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', None, 1762247211200, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,202 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,206 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['dd459018-ad0e-4277-a622-172fa8f36752']) gunicorn-web stdout | 2025-11-04 09:06:51,206 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', None, 1762247211206, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,207 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', None, 1762247211206, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,210 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "imagestoragelocation" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:51,210 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [34, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,211 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [32, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,216 [246] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/endpoints.json gunicorn-web stdout | 2025-11-04 09:06:51,216 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,216 [247] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,219 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['9b405135-d988-4a2c-a7c6-d499c1eecff2']) gunicorn-web stdout | 2025-11-04 09:06:51,220 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['1d044cf7-21b0-4166-b66f-36cd96ea0b64']) gunicorn-web stdout | 2025-11-04 09:06:51,223 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "imagestoragelocation" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:51,224 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "imagestoragelocation" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:51,229 [248] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/endpoints.json gunicorn-web stdout | 2025-11-04 09:06:51,233 [247] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/endpoints.json gunicorn-web stdout | 2025-11-04 09:06:51,245 [246] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/sdk-default-configuration.json gunicorn-web stdout | 2025-11-04 09:06:51,245 [246] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,246 [248] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/sdk-default-configuration.json gunicorn-web stdout | 2025-11-04 09:06:51,247 [248] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,249 [247] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/sdk-default-configuration.json gunicorn-web stdout | 2025-11-04 09:06:51,249 [247] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler securityworker stdout | 2025-11-04 09:06:51,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:06:51,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:07.252445+00:00 (in 15.997224 seconds) securityworker stdout | 2025-11-04 09:06:51,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:21 GMT)" (scheduled at 2025-11-04 09:06:51.254713+00:00) securityworker stdout | 2025-11-04 09:06:51,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:06:51,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:06:51,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:06:51,263 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:06:51,266 [246] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/service-2.json gunicorn-web stdout | 2025-11-04 09:06:51,266 [248] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/service-2.json gunicorn-web stdout | 2025-11-04 09:06:51,267 [247] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/service-2.json securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:51,275 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:51,275 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:51,275 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:51,275 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:06:51,331 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:06:51,335 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:06:51,335 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:06:51,335 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:06:51,335 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:06:51,335 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:51,335 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:06:51,336 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:51,336 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:51,336 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:51,336 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:51,336 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:06:51,337 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 1, 51, 263455), 1, 49]) securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:06:51,341 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:06:51,343 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 1, 51, 263455), 1, 49]) gunicorn-web stdout | 2025-11-04 09:06:51,343 [246] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/endpoint-rule-set-1.json securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker gunicorn-web stdout | 2025-11-04 09:06:51,346 [246] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/partitions.json securityworker stdout | 2025-11-04 09:06:51,346 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:06:51,346 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:06:51,346 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:06:51,346 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:06:51,346 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:06:51,346 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:06:51,346 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:06:51,347 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:06:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:06:51,347 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:21 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:51,348 [246] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,348 [246] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7eff5be898a0> gunicorn-web stdout | 2025-11-04 09:06:51,351 [248] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/endpoint-rule-set-1.json gunicorn-web stdout | 2025-11-04 09:06:51,354 [247] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/endpoint-rule-set-1.json gunicorn-web stdout | 2025-11-04 09:06:51,370 [246] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,429 [246] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-web stdout | 2025-11-04 09:06:51,432 [246] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/_retry.json gunicorn-web stdout | 2025-11-04 09:06:51,432 [246] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-web stdout | 2025-11-04 09:06:51,432 [246] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-web stdout | 2025-11-04 09:06:51,448 [246] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/boto3/data/s3/2006-03-01/resources-1.json gunicorn-web stdout | 2025-11-04 09:06:51,450 [246] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,451 [246] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,451 [246] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7eff5be898a0> gunicorn-web stdout | 2025-11-04 09:06:51,451 [246] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,452 [246] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-web stdout | 2025-11-04 09:06:51,454 [246] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-web stdout | 2025-11-04 09:06:51,454 [246] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-web stdout | 2025-11-04 09:06:51,455 [246] [DEBUG] [boto3.resources.factory] Loading s3:s3 gunicorn-web stdout | 2025-11-04 09:06:51,456 [246] [DEBUG] [boto3.resources.factory] Loading s3:Bucket gunicorn-web stdout | 2025-11-04 09:06:51,456 [246] [DEBUG] [boto3.resources.model] Renaming Bucket attribute name gunicorn-web stdout | 2025-11-04 09:06:51,457 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Bucket: calling handler ._handler at 0x7eff5be89bc0> gunicorn-web stdout | 2025-11-04 09:06:51,457 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,457 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,457 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,457 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,457 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,458 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,458 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:51,458 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:51,459 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:51,459 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:51,459 [246] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,459 [246] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,459 [246] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,459 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=HeadBucket) with params: {'url_path': '', 'query_string': {}, 'method': 'HEAD', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:51,459 [246] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,460 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,460 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,460 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,460 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:51,460 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | HEAD gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090651Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:51,460 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090651Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | bca7a31d0eef60b17da8019d0cc1f0f7d81985c5dfed97865d575538314ef903 gunicorn-web stdout | 2025-11-04 09:06:51,460 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | ef5c898723a23508bd41f7e76038a287b9bbbdeb02f46706c58ad5e49ea570c3 gunicorn-web stdout | 2025-11-04 09:06:51,460 [246] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,460 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:51,461 [246] [DEBUG] [botocore.hooks] Event before-send.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,461 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61', 'X-Amz-Date': b'20251104T090651Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=ef5c898723a23508bd41f7e76038a287b9bbbdeb02f46706c58ad5e49ea570c3', 'amz-sdk-invocation-id': b'bd34f602-f5a9-4a46-8912-0b9ed9697a50', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:51,462 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:51,462 [246] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (1): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:06:51,464 [246] [DEBUG] [app] Starting request: urn:request:3c954a4e-a794-440a-be8b-b16a606cf259 (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:51,465 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,465 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,466 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,478 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:51,529 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:51,529 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,529 [249] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/sdk-default-configuration.json gunicorn-web stdout | 2025-11-04 09:06:51,529 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:51,529 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,529 [249] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,529 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,529 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,529 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,531 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,537 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,538 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,543 [249] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/service-2.json gunicorn-web stdout | 2025-11-04 09:06:51,545 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,550 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,554 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,558 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,562 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,564 [249] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/endpoint-rule-set-1.json gunicorn-web stdout | 2025-11-04 09:06:51,566 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [35, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,568 [249] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/partitions.json gunicorn-web stdout | 2025-11-04 09:06:51,569 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a gunicorn-web stdout | 2025-11-04 09:06:51,570 [249] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,570 [249] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7eff5be898a0> gunicorn-web stdout | 2025-11-04 09:06:51,571 [246] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a; calling loader gunicorn-web stdout | 2025-11-04 09:06:51,571 [246] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:51,571 [246] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a gunicorn-web stdout | 2025-11-04 09:06:51,573 [246] [DEBUG] [app] Starting request: urn:request:1a482bbf-7ef9-43d7-b7d9-75121cbf250e (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:51,573 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,573 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,574 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,586 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:51,586 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:51,586 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,586 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:51,586 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:51,586 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,586 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,586 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,629 [249] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,629 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,632 [249] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-web stdout | 2025-11-04 09:06:51,634 [249] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/_retry.json gunicorn-web stdout | 2025-11-04 09:06:51,635 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:51,635 [249] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-web stdout | 2025-11-04 09:06:51,636 [249] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-web stdout | 2025-11-04 09:06:51,636 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,643 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,648 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,653 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,656 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) servicekey stdout | 2025-11-04 09:06:51,656 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:51,657 [249] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/boto3/data/s3/2006-03-01/resources-1.json gunicorn-web stdout | 2025-11-04 09:06:51,659 [249] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,660 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,662 [249] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,662 [249] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7eff5be898a0> gunicorn-web stdout | 2025-11-04 09:06:51,662 [249] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,663 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [31, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,664 [249] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-web stdout | 2025-11-04 09:06:51,666 [249] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-web stdout | 2025-11-04 09:06:51,666 [249] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-web stdout | 2025-11-04 09:06:51,666 [249] [DEBUG] [boto3.resources.factory] Loading s3:s3 gunicorn-web stdout | 2025-11-04 09:06:51,667 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 gunicorn-web stdout | 2025-11-04 09:06:51,667 [249] [DEBUG] [boto3.resources.factory] Loading s3:Bucket gunicorn-web stdout | 2025-11-04 09:06:51,667 [249] [DEBUG] [boto3.resources.model] Renaming Bucket attribute name gunicorn-web stdout | 2025-11-04 09:06:51,668 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Bucket: calling handler ._handler at 0x7eff5be89bc0> gunicorn-web stdout | 2025-11-04 09:06:51,668 [246] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (1): quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 gunicorn-web stdout | 2025-11-04 09:06:51,668 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,668 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,669 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,669 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,669 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,669 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,669 [246] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (2): quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 gunicorn-web stdout | 2025-11-04 09:06:51,669 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:51,670 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:51,670 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:51,670 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:51,670 [249] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,670 [249] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,670 [249] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,670 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=HeadBucket) with params: {'url_path': '', 'query_string': {}, 'method': 'HEAD', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:51,670 [249] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,671 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,671 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,671 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,671 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:51,671 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | HEAD gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090651Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:51,671 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090651Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | bca7a31d0eef60b17da8019d0cc1f0f7d81985c5dfed97865d575538314ef903 gunicorn-web stdout | 2025-11-04 09:06:51,671 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | ef5c898723a23508bd41f7e76038a287b9bbbdeb02f46706c58ad5e49ea570c3 gunicorn-web stdout | 2025-11-04 09:06:51,729 [249] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,729 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:51,729 [249] [DEBUG] [botocore.hooks] Event before-send.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,729 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61', 'X-Amz-Date': b'20251104T090651Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=ef5c898723a23508bd41f7e76038a287b9bbbdeb02f46706c58ad5e49ea570c3', 'amz-sdk-invocation-id': b'7496f669-1eb0-4d95-91cc-fddbaabb37f8', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:51,730 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:51,730 [249] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (1): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:06:51,731 [247] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/partitions.json gunicorn-web stdout | 2025-11-04 09:06:51,732 [248] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/partitions.json gunicorn-web stdout | 2025-11-04 09:06:51,733 [247] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,734 [247] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7eff5be898a0> gunicorn-web stdout | 2025-11-04 09:06:51,735 [248] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,735 [248] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7eff5be898a0> gunicorn-web stdout | 2025-11-04 09:06:51,747 [247] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,749 [247] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-web stdout | 2025-11-04 09:06:51,751 [247] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/_retry.json gunicorn-web stdout | 2025-11-04 09:06:51,752 [247] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-web stdout | 2025-11-04 09:06:51,753 [247] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-web stdout | 2025-11-04 09:06:51,754 [248] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,758 [248] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-web stdout | 2025-11-04 09:06:51,761 [248] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/_retry.json gunicorn-web stdout | 2025-11-04 09:06:51,761 [248] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-web stdout | 2025-11-04 09:06:51,762 [248] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-web stdout | 2025-11-04 09:06:51,762 [246] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52; calling loader gunicorn-web stdout | 2025-11-04 09:06:51,762 [246] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:51,762 [246] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 gunicorn-web stdout | 2025-11-04 09:06:51,764 [246] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (3): quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 gunicorn-web stdout | 2025-11-04 09:06:51,768 [247] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/boto3/data/s3/2006-03-01/resources-1.json gunicorn-web stdout | 2025-11-04 09:06:51,770 [247] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,771 [247] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,771 [247] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7eff5be898a0> gunicorn-web stdout | 2025-11-04 09:06:51,771 [247] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,773 [247] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-web stdout | 2025-11-04 09:06:51,774 [246] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:51,775 [247] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-web stdout | 2025-11-04 09:06:51,775 [247] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-web stdout | 2025-11-04 09:06:51,775 [247] [DEBUG] [boto3.resources.factory] Loading s3:s3 gunicorn-web stdout | 2025-11-04 09:06:51,776 [246] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52: {'manifest_hash': 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:51,776 [246] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 with expiration {'manifest_hash': 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,776 [246] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 with expiration {'manifest_hash': 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,776 [247] [DEBUG] [boto3.resources.factory] Loading s3:Bucket gunicorn-web stdout | 2025-11-04 09:06:51,776 [247] [DEBUG] [boto3.resources.model] Renaming Bucket attribute name gunicorn-web stdout | 2025-11-04 09:06:51,777 [246] [DEBUG] [app] Ending request: urn:request:1a482bbf-7ef9-43d7-b7d9-75121cbf250e (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:1a482bbf-7ef9-43d7-b7d9-75121cbf250e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:51,777 [247] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Bucket: calling handler ._handler at 0x7eff5be89bc0> gunicorn-web stdout | 2025-11-04 09:06:51,777 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,777 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,777 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,777 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,778 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:51,778 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,778 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,778 [247] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:51,778 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.510 1826 0.510) gunicorn-web stdout | 2025-11-04 09:06:51,779 [247] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:51,779 [247] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:51,779 [247] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:51,779 [247] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,779 [247] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,779 [247] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,779 [247] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=HeadBucket) with params: {'url_path': '', 'query_string': {}, 'method': 'HEAD', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:51,780 [247] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,780 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,780 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,780 [247] [DEBUG] [botocore.hooks] Event before-sign.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,780 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "HEAD /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 HTTP/1.1" 200 0 gunicorn-web stdout | 2025-11-04 09:06:51,780 [247] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:51,780 [247] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | HEAD gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090651Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:51,781 [248] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/boto3/data/s3/2006-03-01/resources-1.json gunicorn-web stdout | 2025-11-04 09:06:51,784 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "HEAD /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 HTTP/1.1" 200 0 gunicorn-web stdout | 2025-11-04 09:06:51,784 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn1y-fhu1ie-jto', 'x-amz-id-2': 'mhkchn1y-fhu1ie-jto', 'Date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:51,784 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | b'' gunicorn-web stdout | 2025-11-04 09:06:51,781 [247] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090651Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | bca7a31d0eef60b17da8019d0cc1f0f7d81985c5dfed97865d575538314ef903 gunicorn-web stdout | 2025-11-04 09:06:51,829 [247] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | ef5c898723a23508bd41f7e76038a287b9bbbdeb02f46706c58ad5e49ea570c3 gunicorn-web stdout | 2025-11-04 09:06:51,829 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,829 [247] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,829 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn1t-fewing-j20', 'x-amz-id-2': 'mhkchn1t-fewing-j20', 'Date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:51,829 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:51,829 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,829 [246] [DEBUG] [botocore.hooks] Event after-call.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,829 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:51,829 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | b'' gunicorn-web stdout | 2025-11-04 09:06:51,829 [247] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:51,830 [247] [DEBUG] [botocore.hooks] Event before-send.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,830 [248] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,830 [247] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61', 'X-Amz-Date': b'20251104T090651Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=ef5c898723a23508bd41f7e76038a287b9bbbdeb02f46706c58ad5e49ea570c3', 'amz-sdk-invocation-id': b'89d2ef18-7681-42dd-a5d3-66cbd003a874', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:51,830 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,830 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:51,830 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,830 [249] [DEBUG] [botocore.hooks] Event after-call.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,830 [247] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:51,830 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:51,830 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:51,831 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333'} gunicorn-web stdout | 2025-11-04 09:06:51,831 [247] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (1): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:06:51,831 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,831 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,831 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,831 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,831 [248] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,831 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,831 [248] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7eff5be898a0> gunicorn-web stdout | 2025-11-04 09:06:51,831 [248] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,831 [247] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc; calling loader gunicorn-web stdout | 2025-11-04 09:06:51,831 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,831 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,831 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:51,831 [247] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:51,832 [247] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc gunicorn-web stdout | 2025-11-04 09:06:51,832 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:51,832 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:51,832 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:51,832 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:51,832 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8'} gunicorn-web stdout | 2025-11-04 09:06:51,832 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,832 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,832 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,832 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:51,833 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,833 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,833 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,833 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,833 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,833 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,833 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,833 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:51,834 [248] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-web stdout | 2025-11-04 09:06:51,834 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,834 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:51,834 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,834 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:51,834 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,834 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:51,834 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,834 [247] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (1): quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 gunicorn-web stdout | 2025-11-04 09:06:51,834 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:51,834 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090651Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:51,834 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090651Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 32bc2081bcfa51021bf6e430fc023f1d6b0d84bb590cc95623efa578d40f068b gunicorn-web stdout | 2025-11-04 09:06:51,834 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,834 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | df1179032d9fe709802589d53e7dcaafc7d69f1d7ebdfc2ffd7b762855793625 gunicorn-web stdout | 2025-11-04 09:06:51,834 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,835 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,835 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,835 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:51,835 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:51,835 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,835 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090651Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=df1179032d9fe709802589d53e7dcaafc7d69f1d7ebdfc2ffd7b762855793625', 'amz-sdk-invocation-id': b'3bc9e189-2c03-46f6-9c09-2f135d921307', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:51,835 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,836 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,836 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,836 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:51,836 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,836 [246] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (1): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:06:51,836 [248] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-web stdout | 2025-11-04 09:06:51,836 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:51,836 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090651Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:51,837 [248] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-web stdout | 2025-11-04 09:06:51,837 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090651Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 27cc4896c57ec7689feccdcb241d27fefad1de6d283f3903cadb1ed49a8bc77f gunicorn-web stdout | 2025-11-04 09:06:51,837 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 97c32631c769c7954828046419921b05cca1f800d52e3275e3cdd6640d6893d2 gunicorn-web stdout | 2025-11-04 09:06:51,837 [246] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:51,837 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,837 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:51,837 [248] [DEBUG] [boto3.resources.factory] Loading s3:s3 gunicorn-web stdout | 2025-11-04 09:06:51,837 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,837 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090651Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=97c32631c769c7954828046419921b05cca1f800d52e3275e3cdd6640d6893d2', 'amz-sdk-invocation-id': b'0e2b169c-9775-4919-acb4-b3070b5e9dbe', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:51,838 [246] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:51,838 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:51,838 [248] [DEBUG] [boto3.resources.factory] Loading s3:Bucket gunicorn-web stdout | 2025-11-04 09:06:51,838 [248] [DEBUG] [boto3.resources.model] Renaming Bucket attribute name gunicorn-web stdout | 2025-11-04 09:06:51,838 [249] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (1): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:06:51,840 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Bucket: calling handler ._handler at 0x7eff5be89bc0> gunicorn-web stdout | 2025-11-04 09:06:51,840 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,840 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,840 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,840 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,841 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,841 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,841 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:51,842 [246] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a: {'manifest_hash': 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:51,842 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:51,842 [246] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a with expiration {'manifest_hash': 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,842 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:51,842 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:51,842 [246] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a with expiration {'manifest_hash': 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,842 [248] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,842 [248] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,842 [248] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,842 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=HeadBucket) with params: {'url_path': '', 'query_string': {}, 'method': 'HEAD', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:51,842 [246] [DEBUG] [app] Ending request: urn:request:3c954a4e-a794-440a-be8b-b16a606cf259 (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:3c954a4e-a794-440a-be8b-b16a606cf259', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:51,843 [248] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,843 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,843 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,843 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:51,843 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,843 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:51,843 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:51,843 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | HEAD gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090651Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:51,843 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090651Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | bca7a31d0eef60b17da8019d0cc1f0f7d81985c5dfed97865d575538314ef903 nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.752 1826 0.752) gunicorn-web stdout | 2025-11-04 09:06:51,844 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | ef5c898723a23508bd41f7e76038a287b9bbbdeb02f46706c58ad5e49ea570c3 gunicorn-web stdout | 2025-11-04 09:06:51,844 [248] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,844 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:51,844 [248] [DEBUG] [botocore.hooks] Event before-send.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,844 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61', 'X-Amz-Date': b'20251104T090651Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=ef5c898723a23508bd41f7e76038a287b9bbbdeb02f46706c58ad5e49ea570c3', 'amz-sdk-invocation-id': b'34d88d88-b355-4c0f-96f2-47b189424392', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:51,845 [246] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d: {'manifest_hash': 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:51,845 [246] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d with expiration {'manifest_hash': 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,845 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:51,845 [246] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d with expiration {'manifest_hash': 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,845 [248] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (1): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:06:51,845 [246] [DEBUG] [app] Ending request: urn:request:cf4865fd-1d8c-4c0e-8693-7c0809e27d66 (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:cf4865fd-1d8c-4c0e-8693-7c0809e27d66', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:51,846 [248] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992; calling loader gunicorn-web stdout | 2025-11-04 09:06:51,846 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:51,847 [248] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:51,847 [248] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.759 1826 0.760) gunicorn-web stdout | 2025-11-04 09:06:51,847 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:51,849 [248] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (1): quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 builder stdout | 2025-11-04 09:06:51,864 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:51,870 [247] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:51,929 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8 HTTP/1.1" 200 1457 gunicorn-web stdout | 2025-11-04 09:06:51,929 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn4v-pfzo1-bky', 'x-amz-id-2': 'mhkchn4v-pfzo1-bky', 'ETag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:03 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1457', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:51,929 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:51,930 [247] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc: {'manifest_hash': 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:51,930 [247] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc with expiration {'manifest_hash': 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,930 [247] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc with expiration {'manifest_hash': 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,931 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,931 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:51,931 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,931 [247] [DEBUG] [app] Ending request: urn:request:7e925ca0-06d9-405b-a31f-2e9a76b74e53 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:7e925ca0-06d9-405b-a31f-2e9a76b74e53', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:51,931 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,931 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchn4v-pfzo1-bky', 'HostId': 'mhkchn4v-pfzo1-bky', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn4v-pfzo1-bky', 'x-amz-id-2': 'mhkchn4v-pfzo1-bky', 'etag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:03 GMT', 'content-type': 'application/octet-stream', 'content-length': '1457', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 3, tzinfo=tzutc()), 'ContentLength': 1457, 'ETag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:51,931 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:51,932 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.843 1826 0.843) gunicorn-web stdout | 2025-11-04 09:06:51,932 [247] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "HEAD /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 HTTP/1.1" 200 0 gunicorn-web stdout | 2025-11-04 09:06:51,933 [247] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn4q-mja2g-7t', 'x-amz-id-2': 'mhkchn4q-mja2g-7t', 'Date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:51,933 [247] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | b'' gunicorn-web stdout | 2025-11-04 09:06:51,933 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,933 [247] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:51,933 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,933 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,933 [247] [DEBUG] [botocore.hooks] Event after-call.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,933 [247] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:51,935 [247] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:51,935 [247] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936'} gunicorn-web stdout | 2025-11-04 09:06:51,935 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,935 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,935 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,935 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,935 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,936 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,936 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,936 [247] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:51,936 [247] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:51,936 [247] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:51,936 [247] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:51,937 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,937 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,937 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,937 [247] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:51,937 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,938 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,938 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,938 [247] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,938 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:19d511225f94f9b5cbf3836eb02b5273c01b95da50735742560e3e45b8c8bfcc', 1, 9, 'sha256:62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,938 [247] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:51,938 [247] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090651Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:51,938 [247] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090651Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | bb6c1a65a1c6d2ea2677fe63c337b3f7797e8bcb32e306f7f1e3dd56b5005a0f gunicorn-web stdout | 2025-11-04 09:06:51,938 [247] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 94eab71def5f6e5411a47a5587c272ee53da5b1ce2b359a8d167ccea20d2812b gunicorn-web stdout | 2025-11-04 09:06:51,939 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,939 [247] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:51,939 [247] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,939 [247] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090651Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=94eab71def5f6e5411a47a5587c272ee53da5b1ce2b359a8d167ccea20d2812b', 'amz-sdk-invocation-id': b'5e11a00e-6c7d-469e-86a0-5dc8bb1bf5a6', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:51,940 [247] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:51,940 [247] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (1): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:06:51,943 [248] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:51,944 [249] [DEBUG] [app] Ending request: urn:request:7912ad96-f145-42dd-b306-7978f9380e8f (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:7912ad96-f145-42dd-b306-7978f9380e8f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:51,944 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:51,944 [248] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992: {'manifest_hash': 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:51,945 [248] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 with expiration {'manifest_hash': 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,945 [248] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 with expiration {'manifest_hash': 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:51,945 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.857 1796 0.857) gunicorn-web stdout | 2025-11-04 09:06:51,945 [248] [DEBUG] [app] Ending request: urn:request:a0ac15ba-5fee-4bc1-950d-089d7496b9e6 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:a0ac15ba-5fee-4bc1-950d-089d7496b9e6', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:51,946 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:51,946 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.857 1826 0.857) gunicorn-web stdout | 2025-11-04 09:06:51,950 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "HEAD /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 HTTP/1.1" 200 0 gunicorn-web stdout | 2025-11-04 09:06:51,951 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn6t-1uw5i6-wsf', 'x-amz-id-2': 'mhkchn6t-1uw5i6-wsf', 'Date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:51,951 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | b'' gunicorn-web stdout | 2025-11-04 09:06:51,951 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,951 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:51,951 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler > namespacegcworker stdout | 2025-11-04 09:06:51,950 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:51,951 [248] [DEBUG] [botocore.hooks] Event after-call.s3.HeadBucket: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,952 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:51,953 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:51,953 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68'} gunicorn-web stdout | 2025-11-04 09:06:51,954 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,954 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,954 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,954 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,954 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,954 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,954 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,954 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:51,955 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:51,955 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:51,955 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:51,955 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,955 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,955 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,955 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090651Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090651Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 593f6e28b00fc4f8d5de806f13bd8942c29610d31649e4815331406c4e382cc4 gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 95c4e55577dfeec777ca802ad12d1c31f2311e9618f6f6e7370423654b2b7776 gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,956 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:51,957 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,957 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090651Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=95c4e55577dfeec777ca802ad12d1c31f2311e9618f6f6e7370423654b2b7776', 'amz-sdk-invocation-id': b'6c5e0a16-3feb-4243-b7ad-9c71f91c64d3', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:51,957 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:51,957 [248] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (1): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:06:51,966 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333 HTTP/1.1" 200 1469 gunicorn-web stdout | 2025-11-04 09:06:51,967 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn73-20r1t9-hkj', 'x-amz-id-2': 'mhkchn73-20r1t9-hkj', 'ETag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:07 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1469', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:51,967 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:51,968 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,968 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:51,968 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,968 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,969 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchn73-20r1t9-hkj', 'HostId': 'mhkchn73-20r1t9-hkj', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn73-20r1t9-hkj', 'x-amz-id-2': 'mhkchn73-20r1t9-hkj', 'etag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:07 GMT', 'content-type': 'application/octet-stream', 'content-length': '1469', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 7, tzinfo=tzutc()), 'ContentLength': 1469, 'ETag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:51,970 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,974 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 1, 9, 'sha256:7bc0df393b289d450de141fd2c095776adb8cb79f976c1dacb787c9fc9a4d201', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,978 [246] [DEBUG] [app] Ending request: urn:request:f338bad7-d9be-4bf5-90c3-781238e842e5 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:f338bad7-d9be-4bf5-90c3-781238e842e5', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:51,979 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:51,980 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.890 1796 0.890) gunicorn-web stdout | 2025-11-04 09:06:51,984 [247] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936 HTTP/1.1" 200 1470 gunicorn-web stdout | 2025-11-04 09:06:51,984 [247] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn7q-2erspq-13xt', 'x-amz-id-2': 'mhkchn7q-2erspq-13xt', 'ETag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:05 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1470', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:51,984 [247] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:51,986 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:51,986 [247] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:51,986 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,986 [247] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:51,986 [247] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchn7q-2erspq-13xt', 'HostId': 'mhkchn7q-2erspq-13xt', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn7q-2erspq-13xt', 'x-amz-id-2': 'mhkchn7q-2erspq-13xt', 'etag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:05 GMT', 'content-type': 'application/octet-stream', 'content-length': '1470', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 5, tzinfo=tzutc()), 'ContentLength': 1470, 'ETag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:51,988 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:51,992 [247] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 1, 9, 'sha256:94b622d2880b7640fe5cf6da80a87db008e0529da67218311bc90f0fb1205091', 1]) gunicorn-web stdout | 2025-11-04 09:06:51,997 [247] [DEBUG] [app] Ending request: urn:request:0743af9f-3dfc-415a-b52c-2162aa187453 (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:0743af9f-3dfc-415a-b52c-2162aa187453', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:51,997 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:51,997 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68 HTTP/1.1" 200 1470 gunicorn-web stdout | 2025-11-04 09:06:51,998 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn84-2mscy9-zjx', 'x-amz-id-2': 'mhkchn84-2mscy9-zjx', 'ETag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:10 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1470', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:51,998 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:51 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.908 1796 0.908) gunicorn-web stdout | 2025-11-04 09:06:51,998 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:52,029 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,029 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:52,029 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,029 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,030 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchn84-2mscy9-zjx', 'HostId': 'mhkchn84-2mscy9-zjx', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchn84-2mscy9-zjx', 'x-amz-id-2': 'mhkchn84-2mscy9-zjx', 'etag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:10 GMT', 'content-type': 'application/octet-stream', 'content-length': '1470', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:51 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 10, tzinfo=tzutc()), 'ContentLength': 1470, 'ETag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:52,031 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,035 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 1, 9, 'sha256:7ceae7886eafad2b1357f06c9477a2d217e23c9d62c8d217b5d0ed7447e76a6a', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,039 [248] [DEBUG] [app] Ending request: urn:request:96071006-16c1-4418-824c-e84705cdcdbd (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:96071006-16c1-4418-824c-e84705cdcdbd', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,040 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,040 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.950 1796 0.950) gunicorn-web stdout | 2025-11-04 09:06:52,266 [246] [DEBUG] [app] Starting request: urn:request:831aabca-367d-429d-b954-cdd52ae727dd (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,266 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,266 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,267 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,279 [248] [DEBUG] [app] Starting request: urn:request:23134a28-d13e-43ed-a367-8f7af403e31f (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,279 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,279 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,280 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,280 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,280 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,280 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,280 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,280 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,280 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,280 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,280 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,281 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,287 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,288 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,292 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,292 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,292 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,292 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,292 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,292 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,292 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,293 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,293 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,294 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,298 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,299 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,300 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,302 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,305 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,306 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,309 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', None, 1762247212309, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,311 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,313 [247] [DEBUG] [app] Starting request: urn:request:acb4a472-209e-4f95-b005-36f697cb691a (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,313 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,313 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,314 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,314 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,314 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', None, 1762247212314, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,317 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,318 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [35, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,320 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,322 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,324 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [36, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,325 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,326 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,326 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,326 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,326 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,326 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,326 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,326 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d82d7341-fba3-4ba1-be5d-73f5c5a06d4d']) gunicorn-web stdout | 2025-11-04 09:06:52,326 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,327 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,328 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 gunicorn-web stdout | 2025-11-04 09:06:52,328 [248] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933; calling loader gunicorn-web stdout | 2025-11-04 09:06:52,328 [248] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:52,328 [248] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 gunicorn-web stdout | 2025-11-04 09:06:52,330 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'} gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:52,331 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:52,332 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,332 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,332 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,332 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:52,332 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,332 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,332 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,332 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,332 [248] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:52,332 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,332 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:52,333 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090652Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:52,333 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090652Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | c987597f8d26a90534bd510dbff3d0144b7aa3275ddd0bfba52a9bc5ffecba29 gunicorn-web stdout | 2025-11-04 09:06:52,333 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 2a6b6417631ef3ace093e2651b0b5991902b7b93770e625d7df3141490d90d4f gunicorn-web stdout | 2025-11-04 09:06:52,333 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,333 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:52,333 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,333 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090652Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2a6b6417631ef3ace093e2651b0b5991902b7b93770e625d7df3141490d90d4f', 'amz-sdk-invocation-id': b'82362f39-c786-4d39-b1c7-a04b131d44bb', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:52,334 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:52,334 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,334 [248] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933: {'manifest_hash': 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:52,335 [248] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 with expiration {'manifest_hash': 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,335 [248] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 with expiration {'manifest_hash': 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,335 [248] [DEBUG] [app] Ending request: urn:request:23134a28-d13e-43ed-a367-8f7af403e31f (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:23134a28-d13e-43ed-a367-8f7af403e31f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,336 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,336 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.058 1826 0.058) gunicorn-web stdout | 2025-11-04 09:06:52,340 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,344 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,346 [246] [DEBUG] [app] Starting request: urn:request:c621b282-5db9-46eb-8d33-3c71a3d8d412 (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,346 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,346 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,347 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,349 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,352 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,356 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 1, 0]) manifestbackfillworker stdout | 2025-11-04 09:06:52,357 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:06:52,359 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,359 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,359 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,359 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,359 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,359 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,359 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,359 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,360 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [37, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,360 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,363 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea gunicorn-web stdout | 2025-11-04 09:06:52,363 [247] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea; calling loader gunicorn-web stdout | 2025-11-04 09:06:52,364 [247] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:52,364 [247] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea gunicorn-web stdout | 2025-11-04 09:06:52,366 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,367 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,369 [247] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:52,370 [247] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea: {'manifest_hash': 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:52,370 [247] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea with expiration {'manifest_hash': 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,370 [247] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea with expiration {'manifest_hash': 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,371 [247] [DEBUG] [app] Ending request: urn:request:acb4a472-209e-4f95-b005-36f697cb691a (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:acb4a472-209e-4f95-b005-36f697cb691a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,371 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,372 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.060 1826 0.059) gunicorn-web stdout | 2025-11-04 09:06:52,373 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,374 [249] [DEBUG] [app] Starting request: urn:request:8e2f6d28-a0b4-4d56-82c3-0ccd89a95838 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,374 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,374 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,374 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,378 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,382 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,385 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,387 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,387 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,387 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,387 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,388 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,388 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,388 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,388 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,388 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', None, 1762247212388, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,389 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,394 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', None, 1762247212393, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,395 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,396 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,397 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [37, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,401 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,402 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,405 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['8625d6e4-2f6f-4d10-aa88-7a6729558869']) gunicorn-web stdout | 2025-11-04 09:06:52,406 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,409 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0'} gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,410 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:52,410 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090652Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090652Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 895b990376e6b245ef8da628c4ac3c706f572875b1995990915698ff5b86a8b7 gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | a707e23f58dc04e37ddaff93576762bede5e1b25319769db98ea41dbaa58e3e2 gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:52,411 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,412 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090652Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=a707e23f58dc04e37ddaff93576762bede5e1b25319769db98ea41dbaa58e3e2', 'amz-sdk-invocation-id': b'7b2f4383-c9c7-4d67-8dc7-ebd2caf723ab', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:52,412 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:52,412 [246] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (2): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:06:52,412 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 HTTP/1.1" 200 1472 gunicorn-web stdout | 2025-11-04 09:06:52,413 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnhr-8db4hb-d9', 'x-amz-id-2': 'mhkchnhr-8db4hb-d9', 'ETag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:12 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1472', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:52,413 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:52,413 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,413 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,413 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:52,413 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,413 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,414 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchnhr-8db4hb-d9', 'HostId': 'mhkchnhr-8db4hb-d9', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnhr-8db4hb-d9', 'x-amz-id-2': 'mhkchnhr-8db4hb-d9', 'etag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:12 GMT', 'content-type': 'application/octet-stream', 'content-length': '1472', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 12, tzinfo=tzutc()), 'ContentLength': 1472, 'ETag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:52,415 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,417 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,419 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 1, 9, 'sha256:87379020f3b6731a4b64976e614d305f5c121d153c049d14ba600ff24bbac012', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,422 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [38, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,424 [246] [DEBUG] [app] Ending request: urn:request:831aabca-367d-429d-b954-cdd52ae727dd (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:831aabca-367d-429d-b954-cdd52ae727dd', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,425 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,425 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.160 1796 0.160) gunicorn-web stdout | 2025-11-04 09:06:52,425 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c gunicorn-web stdout | 2025-11-04 09:06:52,426 [249] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c; calling loader gunicorn-web stdout | 2025-11-04 09:06:52,426 [249] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:52,426 [249] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c gunicorn-web stdout | 2025-11-04 09:06:52,429 [249] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (1): quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 gunicorn-web stdout | 2025-11-04 09:06:52,437 [249] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:52,439 [249] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c: {'manifest_hash': 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:52,439 [249] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c with expiration {'manifest_hash': 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,439 [249] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c with expiration {'manifest_hash': 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,439 [249] [DEBUG] [app] Ending request: urn:request:8e2f6d28-a0b4-4d56-82c3-0ccd89a95838 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:8e2f6d28-a0b4-4d56-82c3-0ccd89a95838', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,440 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.068 1826 0.068) gunicorn-web stdout | 2025-11-04 09:06:52,440 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:52,452 [246] [DEBUG] [app] Starting request: urn:request:ebed21db-6121-4104-abd2-f9d60b1058ce (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,452 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,453 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,453 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,465 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,465 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,465 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,465 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,465 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,466 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,466 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,466 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,467 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,472 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,473 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,479 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,484 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,488 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,491 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,495 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', None, 1762247212494, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,500 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', None, 1762247212499, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,506 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [36, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,510 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,514 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['89cf30ce-ff39-4fd8-9cf2-5395bfdb63e4']) gunicorn-web stdout | 2025-11-04 09:06:52,517 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:52,518 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589'} gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:52,519 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090652Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090652Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 81e217d04e83ebdd506c16be50c1fa2edb320dd2ac15fb3e183e149e32fd1950 gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | d51fa1c92ad36e7539e02ed9728676b9e33aa3e7968466f287b10dcac1465dff gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090652Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=d51fa1c92ad36e7539e02ed9728676b9e33aa3e7968466f287b10dcac1465dff', 'amz-sdk-invocation-id': b'4353924f-dbd1-4621-bf9f-42c554c9d1e6', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:52,520 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:52,521 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0 HTTP/1.1" 200 1460 gunicorn-web stdout | 2025-11-04 09:06:52,521 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnkz-aak8jq-nsn', 'x-amz-id-2': 'mhkchnkz-aak8jq-nsn', 'ETag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:17 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1460', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:52,521 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:52,522 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,522 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:52,522 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,522 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,522 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchnkz-aak8jq-nsn', 'HostId': 'mhkchnkz-aak8jq-nsn', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnkz-aak8jq-nsn', 'x-amz-id-2': 'mhkchnkz-aak8jq-nsn', 'etag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:17 GMT', 'content-type': 'application/octet-stream', 'content-length': '1460', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 17, tzinfo=tzutc()), 'ContentLength': 1460, 'ETag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:52,524 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,528 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:ff2d9c2b154fd3b791f0dcffed0c3c63e3cc5b3549781f2f471478ef124fa11e', 1, 9, 'sha256:e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,532 [246] [DEBUG] [app] Ending request: urn:request:c621b282-5db9-46eb-8d33-3c71a3d8d412 (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:c621b282-5db9-46eb-8d33-3c71a3d8d412', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,533 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,533 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.190 1796 0.190) gunicorn-web stdout | 2025-11-04 09:06:52,535 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589 HTTP/1.1" 200 1453 gunicorn-web stdout | 2025-11-04 09:06:52,535 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnmz-bhb4jm-sga', 'x-amz-id-2': 'mhkchnmz-bhb4jm-sga', 'ETag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:15 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1453', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:52,535 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:52,535 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,535 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:52,535 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,535 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,535 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchnmz-bhb4jm-sga', 'HostId': 'mhkchnmz-bhb4jm-sga', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnmz-bhb4jm-sga', 'x-amz-id-2': 'mhkchnmz-bhb4jm-sga', 'etag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:15 GMT', 'content-type': 'application/octet-stream', 'content-length': '1453', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 15, tzinfo=tzutc()), 'ContentLength': 1453, 'ETag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:52,537 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,542 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:122c52305f257cb504fa1e6417a0e2be0a91c6e8597236feced3168597406ed8', 1, 9, 'sha256:487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,548 [246] [DEBUG] [app] Ending request: urn:request:ebed21db-6121-4104-abd2-f9d60b1058ce (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:ebed21db-6121-4104-abd2-f9d60b1058ce', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,548 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,549 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.098 1796 0.098) gunicorn-web stdout | 2025-11-04 09:06:52,668 [246] [DEBUG] [app] Starting request: urn:request:ddb3abbd-8f28-4795-aa93-4c16544b7cc3 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,668 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,669 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,669 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,681 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,681 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,682 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,682 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,682 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,682 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,682 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,682 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,683 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,688 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,689 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,694 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,699 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,703 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,704 [249] [DEBUG] [app] Starting request: urn:request:d958ec5d-5e56-49fd-95f8-a68ada42d38e (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,704 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,704 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,705 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,706 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,710 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', None, 1762247212710, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,715 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', None, 1762247212715, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,716 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,716 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,716 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,716 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,716 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,716 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,716 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,716 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,718 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,719 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [38, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,722 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,722 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,723 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,726 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['c9d5a016-6b2e-4115-8c6a-27ad74e7b2c6']) gunicorn-web stdout | 2025-11-04 09:06:52,729 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:52,729 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,730 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:52,730 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9'} gunicorn-web stdout | 2025-11-04 09:06:52,730 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,730 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,730 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,730 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,730 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,730 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,730 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090652Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:52,731 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090652Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | f228a433efe7e5502ca5071554b7e00984c8d3d4b117fc39a4c896aa3502db8e gunicorn-web stdout | 2025-11-04 09:06:52,732 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | ec045a72df21cfddb8dbf746970f03c5d13117e09ad3d862585e6dc626f2fa56 gunicorn-web stdout | 2025-11-04 09:06:52,732 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,732 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:52,732 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,732 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090652Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=ec045a72df21cfddb8dbf746970f03c5d13117e09ad3d862585e6dc626f2fa56', 'amz-sdk-invocation-id': b'1e3f27d8-f029-41f8-869f-80f1c2e9c322', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:52,732 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:52,735 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,738 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,741 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,744 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,748 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9 HTTP/1.1" 200 1459 gunicorn-web stdout | 2025-11-04 09:06:52,748 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnsu-eyvogq-bfb', 'x-amz-id-2': 'mhkchnsu-eyvogq-bfb', 'ETag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:20 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1459', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:52,748 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:52,748 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [39, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,748 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,748 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:52,748 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,748 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,749 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchnsu-eyvogq-bfb', 'HostId': 'mhkchnsu-eyvogq-bfb', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnsu-eyvogq-bfb', 'x-amz-id-2': 'mhkchnsu-eyvogq-bfb', 'etag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:20 GMT', 'content-type': 'application/octet-stream', 'content-length': '1459', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 20, tzinfo=tzutc()), 'ContentLength': 1459, 'ETag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:52,750 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,751 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 gunicorn-web stdout | 2025-11-04 09:06:52,751 [249] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132; calling loader gunicorn-web stdout | 2025-11-04 09:06:52,752 [249] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:52,752 [249] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 gunicorn-web stdout | 2025-11-04 09:06:52,753 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:cd719190bb511a8ac7cf73b99bec41e528f046a4b96921c93a22ad0813bcd87a', 1, 9, 'sha256:af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,757 [249] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:52,758 [246] [DEBUG] [app] Ending request: urn:request:ddb3abbd-8f28-4795-aa93-4c16544b7cc3 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:ddb3abbd-8f28-4795-aa93-4c16544b7cc3', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,758 [248] [DEBUG] [app] Starting request: urn:request:6d0e55dd-7b85-4cd1-8bb0-e825ff98083a (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,758 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,759 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,759 [249] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132: {'manifest_hash': 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:52,759 [249] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 with expiration {'manifest_hash': 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,759 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,759 [249] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 with expiration {'manifest_hash': 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,759 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c HTTP/1.0" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:52,759 [249] [DEBUG] [app] Ending request: urn:request:d958ec5d-5e56-49fd-95f8-a68ada42d38e (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:d958ec5d-5e56-49fd-95f8-a68ada42d38e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c HTTP/1.1" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.092 1796 0.092) gunicorn-web stdout | 2025-11-04 09:06:52,760 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,760 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,760 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.057 1826 0.057) gunicorn-web stdout | 2025-11-04 09:06:52,772 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,772 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,772 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,773 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,773 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,773 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,773 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,773 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,774 [246] [DEBUG] [app] Starting request: urn:request:0334d52b-0c49-4b35-bac6-afc3b651e071 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,774 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,774 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,775 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,775 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,779 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,780 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,786 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,786 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,786 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,786 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,786 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,786 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,787 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,787 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,787 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,788 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,791 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,793 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,794 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,794 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,797 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,800 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,801 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', None, 1762247212800, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,805 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,806 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', None, 1762247212806, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,808 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,810 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [39, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,811 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,814 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,815 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,819 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['245d7d88-d237-4046-909c-047178021b9e']) gunicorn-web stdout | 2025-11-04 09:06:52,820 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [40, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,822 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:52,823 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc gunicorn-web stdout | 2025-11-04 09:06:52,823 [246] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc; calling loader gunicorn-web stdout | 2025-11-04 09:06:52,823 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:52,823 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54'} gunicorn-web stdout | 2025-11-04 09:06:52,823 [246] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:06:52,823 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:52,824 [246] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc gunicorn-web stdout | 2025-11-04 09:06:52,824 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090652Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090652Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 7e39f782ae5bb7ffb6ea1283dd49a0e738f78a2f25924513971461378a14c3e1 gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | cb1269394ae3bb8842a2fe8a2b2814fa54cb5b01de99b10ee8e8b58471854090 gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,825 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090652Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=cb1269394ae3bb8842a2fe8a2b2814fa54cb5b01de99b10ee8e8b58471854090', 'amz-sdk-invocation-id': b'e533df64-e877-4681-a741-9ad4a6804329', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:52,826 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:52,830 [246] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:06:52,832 [246] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc: {'manifest_hash': 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:06:52,832 [246] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc with expiration {'manifest_hash': 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,832 [246] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc with expiration {'manifest_hash': 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:06:52,832 [246] [DEBUG] [app] Ending request: urn:request:0334d52b-0c49-4b35-bac6-afc3b651e071 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:0334d52b-0c49-4b35-bac6-afc3b651e071', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,833 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,834 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.062 1826 0.062) gunicorn-web stdout | 2025-11-04 09:06:52,838 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54 HTTP/1.1" 200 1459 gunicorn-web stdout | 2025-11-04 09:06:52,838 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnvf-gi5gii-wfi', 'x-amz-id-2': 'mhkchnvf-gi5gii-wfi', 'ETag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:23 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1459', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:52,838 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:52,839 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,839 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:52,839 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,839 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,839 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchnvf-gi5gii-wfi', 'HostId': 'mhkchnvf-gi5gii-wfi', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnvf-gi5gii-wfi', 'x-amz-id-2': 'mhkchnvf-gi5gii-wfi', 'etag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:23 GMT', 'content-type': 'application/octet-stream', 'content-length': '1459', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 23, tzinfo=tzutc()), 'ContentLength': 1459, 'ETag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:52,841 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,844 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 1, 9, 'sha256:46b5947a368c82da2a25216b85057a03081fa6e86e9b72c2ec471115009a2123', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,850 [248] [DEBUG] [app] Ending request: urn:request:6d0e55dd-7b85-4cd1-8bb0-e825ff98083a (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:6d0e55dd-7b85-4cd1-8bb0-e825ff98083a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,850 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.093 1796 0.093) gunicorn-web stdout | 2025-11-04 09:06:52,850 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:06:52,866 [246] [DEBUG] [app] Starting request: urn:request:d706ddac-a8d6-4e1e-b1d3-13b65428e858 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,866 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,866 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,867 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,879 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,879 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,880 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,880 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,880 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,880 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,880 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,880 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,881 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,886 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,887 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,893 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,893 [248] [DEBUG] [app] Starting request: urn:request:e085f489-14dd-4c7f-b2bb-aa14edc53bf0 (/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:06:52,893 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,893 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,894 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,898 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,902 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,904 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:06:52,904 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:06:52,904 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,904 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:06:52,904 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:06:52,905 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,905 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,905 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,905 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,906 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,909 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', None, 1762247212908, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,911 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:06:52,912 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,914 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', None, 1762247212913, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,918 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,918 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [40, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,923 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,923 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,926 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['7198d319-55da-4767-9f1a-ea3fba192665']) gunicorn-web stdout | 2025-11-04 09:06:52,927 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,930 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:06:52,931 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd'} gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:06:52,932 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090652Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090652Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | eaf3454faec8a29e86c46d4881e088d69cf49b843adbb44e94045477dfa2d53a gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 2503bed7bc1206bfba3830e465da6a476d07137bd26bf0935a4a71088164f6b6 gunicorn-web stdout | 2025-11-04 09:06:52,933 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,934 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:06:52,934 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,934 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090652Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2503bed7bc1206bfba3830e465da6a476d07137bd26bf0935a4a71088164f6b6', 'amz-sdk-invocation-id': b'22c41a72-fe96-45eb-acc6-c718b92fefa4', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:06:52,934 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:06:52,935 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."repository_id", "t2"."digest", "t2"."media_type_id", "t2"."manifest_bytes", "t2"."config_media_type", "t2"."layers_compressed_size", "t2"."subject", "t2"."subject_backfilled", "t2"."artifact_type", "t2"."artifact_type_backfilled" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."name" = %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'busybox', None, 1762247212934, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,941 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."tag_name", "t1"."tag_pull_count", "t1"."last_tag_pull_date", "t1"."current_manifest_digest" FROM "tagpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."tag_name" = %s)) LIMIT %s OFFSET %s', [9, 'busybox', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,944 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [9, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,945 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd HTTP/1.1" 200 1455 gunicorn-web stdout | 2025-11-04 09:06:52,946 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnyf-1riyel-vf6', 'x-amz-id-2': 'mhkchnyf-1riyel-vf6', 'ETag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:26 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1455', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:06:52,946 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:06:52,946 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:06:52,946 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:06:52,946 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,946 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:06:52,946 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkchnyf-1riyel-vf6', 'HostId': 'mhkchnyf-1riyel-vf6', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkchnyf-1riyel-vf6', 'x-amz-id-2': 'mhkchnyf-1riyel-vf6', 'etag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:26 GMT', 'content-type': 'application/octet-stream', 'content-length': '1455', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:06:52 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 26, tzinfo=tzutc()), 'ContentLength': 1455, 'ETag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:06:52,947 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."manifest_digest", "t1"."manifest_pull_count", "t1"."last_manifest_pull_date" FROM "manifestpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."manifest_digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,948 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,951 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [9, 1, 0]) gunicorn-web stdout | 2025-11-04 09:06:52,952 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 1, 9, 'sha256:55b62457923c4f107ac9cb1d535ca1afbdad4b04bae1ffcbebd9f2f381378eca', 1]) gunicorn-web stdout | 2025-11-04 09:06:52,954 [248] [DEBUG] [app] Ending request: urn:request:e085f489-14dd-4c7f-b2bb-aa14edc53bf0 (/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics) {'endpoint': 'api.repositorytagpullstatistics', 'request_id': 'urn:request:e085f489-14dd-4c7f-b2bb-aa14edc53bf0', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics', 'path': '/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,954 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:52,955 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/tag/busybox/pull_statistics HTTP/1.0" 200 292 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/tag/busybox/pull_statistics HTTP/1.1" 200 292 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.063 1743 0.063) gunicorn-web stdout | 2025-11-04 09:06:52,957 [246] [DEBUG] [app] Ending request: urn:request:d706ddac-a8d6-4e1e-b1d3-13b65428e858 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:d706ddac-a8d6-4e1e-b1d3-13b65428e858', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:06:52,957 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc HTTP/1.1" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.092 1796 0.092) gunicorn-web stdout | 2025-11-04 09:06:52,958 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:06:52 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc HTTP/1.0" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" teamsyncworker stdout | 2025-11-04 09:06:54,049 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:06:54,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:06:54,140 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:04.140529+00:00 (in 9.999548 seconds) proxycacheblobworker stdout | 2025-11-04 09:06:54,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:04 GMT)" (scheduled at 2025-11-04 09:06:54.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:06:54,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:06:54,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 54, 141324), True, datetime.datetime(2025, 11, 4, 9, 6, 54, 141324), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:06:54,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:06:54,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:06:54,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:04 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:06:54,517 [249] [DEBUG] [app] Starting request: urn:request:3a8c7ace-f921-4570-8bb6-e4f3d4700c33 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:06:54,518 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:06:54,520 [257] [DEBUG] [app] Starting request: urn:request:478aa4d5-9dff-401e-b743-f16517ed1208 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:06:54,520 [257] [DEBUG] [app] Ending request: urn:request:478aa4d5-9dff-401e-b743-f16517ed1208 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:478aa4d5-9dff-401e-b743-f16517ed1208', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:06:54,521 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:06:54,521 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:06:54,522 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:06:54,523 [246] [DEBUG] [app] Starting request: urn:request:4e517879-3748-4097-8e17-c9560f5474d3 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:06:54,524 [246] [DEBUG] [app] Ending request: urn:request:4e517879-3748-4097-8e17-c9560f5474d3 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:4e517879-3748-4097-8e17-c9560f5474d3', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:06:54,524 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:06:54,524 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:54,525 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:06:54,525 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:06:54,525 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:06:54,534 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:06:54,534 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:06:54,544 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:06:54,547 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:06:54,550 [249] [DEBUG] [app] Ending request: urn:request:3a8c7ace-f921-4570-8bb6-e4f3d4700c33 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:3a8c7ace-f921-4570-8bb6-e4f3d4700c33', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:06:54,550 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:54,550 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:06:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:06:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.034 118 0.034) gunicorn-web stdout | 2025-11-04 09:06:54,587 [249] [DEBUG] [app] Starting request: urn:request:69fa259a-9e75-4890-b5a6-b0ce474ae07c (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:06:54,589 [257] [DEBUG] [app] Starting request: urn:request:b76ff481-8f75-4844-826e-145e2c258f07 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:06:54,590 [257] [DEBUG] [app] Ending request: urn:request:b76ff481-8f75-4844-826e-145e2c258f07 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:b76ff481-8f75-4844-826e-145e2c258f07', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:06:54,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:06:54,590 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:06:54,591 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:06:54,592 [248] [DEBUG] [app] Starting request: urn:request:8bf438d6-406c-4771-9256-e1edecb11160 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:06:54,593 [248] [DEBUG] [app] Ending request: urn:request:8bf438d6-406c-4771-9256-e1edecb11160 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:8bf438d6-406c-4771-9256-e1edecb11160', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:06:54,593 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:06:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:06:54,593 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:06:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:06:54,594 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:06:54,594 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:06:54,594 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:06:54,602 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:06:54,602 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:06:54,611 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:06:54,615 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:06:54,618 [249] [DEBUG] [app] Ending request: urn:request:69fa259a-9e75-4890-b5a6-b0ce474ae07c (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:69fa259a-9e75-4890-b5a6-b0ce474ae07c', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:06:54,618 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:06:54,619 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:06:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:06:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) globalpromstats stdout | 2025-11-04 09:06:55,640 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:06:55,848 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:06:55,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:06:55,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:04.952363+00:00 (in 8.995318 seconds) gcworker stdout | 2025-11-04 09:06:55,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:25 GMT)" (scheduled at 2025-11-04 09:06:55.956600+00:00) gcworker stdout | 2025-11-04 09:06:55,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:06:55,969 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246915969, None, 1, 0]) gcworker stdout | 2025-11-04 09:06:55,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:06:55,973 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:25 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:06:56,168 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:06:56,859 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: queuecleanupworker stdout | 2025-11-04 09:06:57,358 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:06:57,547 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:06:57,757 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: expiredappspecifictokenworker stdout | 2025-11-04 09:06:58,439 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:06:59,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:06:59,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:09.156372+00:00 (in 9.999575 seconds) notificationworker stdout | 2025-11-04 09:06:59,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:09 GMT)" (scheduled at 2025-11-04 09:06:59.156372+00:00) notificationworker stdout | 2025-11-04 09:06:59,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:06:59,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 6, 59, 157162), True, datetime.datetime(2025, 11, 4, 9, 6, 59, 157162), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:06:59,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:06:59,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:06:59,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:09 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:06:59,355 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:06:59,565 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:07:00,562 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:07:00,651 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:07:01,411 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:07:01,417 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:07:01,423 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:03,682 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:03,686 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:03,776 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:03,783 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:03,786 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:03,788 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:03,789 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:03,789 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:03,792 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:07:04,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:07:04,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:14.140529+00:00 (in 9.999448 seconds) proxycacheblobworker stdout | 2025-11-04 09:07:04,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:14 GMT)" (scheduled at 2025-11-04 09:07:04.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:07:04,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:07:04,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 4, 141441), True, datetime.datetime(2025, 11, 4, 9, 7, 4, 141441), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:07:04,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:07:04,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:07:04,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:14 GMT)" executed successfully gcworker stdout | 2025-11-04 09:07:04,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:07:04,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:25.956600+00:00 (in 21.003646 seconds) gcworker stdout | 2025-11-04 09:07:04,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:34 GMT)" (scheduled at 2025-11-04 09:07:04.952363+00:00) gcworker stdout | 2025-11-04 09:07:04,954 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037624953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:07:04,969 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:07:04,969 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:07:04,969 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:34 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:07:07,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:07:07,253 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:21.254713+00:00 (in 14.001732 seconds) securityworker stdout | 2025-11-04 09:07:07,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:37 GMT)" (scheduled at 2025-11-04 09:07:07.252445+00:00) securityworker stdout | 2025-11-04 09:07:07,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:07:07,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:07:07,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:07:07,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:07:07,269 [93] [DEBUG] [peewee] ('SELECT Min("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,272 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,272 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,272 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:07,272 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,273 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 19, 29]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stdout | 2025-11-04 09:07:07,277 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stdout | 2025-11-04 09:07:07,277 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stdout | 2025-11-04 09:07:07,277 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 19-29 securityworker stdout | 2025-11-04 09:07:07,277 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:07:07,277 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,277 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:07:07,278 [93] [DEBUG] [util.migrate.allocator] Left range 19-29 securityworker stdout | 2025-11-04 09:07:07,278 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 29-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 19-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Left range 19-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 29-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,278 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,278 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 35, 45]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:07:07,281 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:07:07,282 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stdout | 2025-11-04 09:07:07,282 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 35-45 securityworker stdout | 2025-11-04 09:07:07,282 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:07:07,282 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,282 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stdout | 2025-11-04 09:07:07,282 [93] [DEBUG] [util.migrate.allocator] Right range 19-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 35-45 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Right range 19-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-19 securityworker stdout | 2025-11-04 09:07:07,282 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-19 securityworker stdout | 2025-11-04 09:07:07,282 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 9 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 9 securityworker stdout | 2025-11-04 09:07:07,282 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 6, 16]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 6-16 by worker securityworker stdout | 2025-11-04 09:07:07,285 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 6-16 by worker securityworker stdout | 2025-11-04 09:07:07,285 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 6-16 securityworker stdout | 2025-11-04 09:07:07,285 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 6-16 securityworker stdout | 2025-11-04 09:07:07,285 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stdout | 2025-11-04 09:07:07,285 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,285 [93] [DEBUG] [util.migrate.allocator] Selected random hole 3 with 4 total holes securityworker stdout | 2025-11-04 09:07:07,285 [93] [DEBUG] [util.migrate.allocator] Left range 19-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 6-16 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 6-16 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 3 with 4 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Left range 19-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Right range 35-45 securityworker stdout | 2025-11-04 09:07:07,286 [93] [DEBUG] [util.migrate.allocator] Right range 35-45 securityworker stdout | 2025-11-04 09:07:07,286 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 29-35 securityworker stdout | 2025-11-04 09:07:07,286 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 29-35 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 29 securityworker stdout | 2025-11-04 09:07:07,287 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 29, 39]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 19-29 securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Already merged with block 19-29 securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Merging with block 35-45 securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 19-45 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 19-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 19-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 35-45 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 19-45 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Right range 6-16 securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-6 securityworker stdout | 2025-11-04 09:07:07,290 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Right range 6-16 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-6 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:07:07,291 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 11]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Merging with block 6-16 securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 16 securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Total range: 16-49 securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 6-16 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 16 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 16-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Left range 19-45 securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 45-49 securityworker stdout | 2025-11-04 09:07:07,294 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 45 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Left range 19-45 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 45-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 45 securityworker stdout | 2025-11-04 09:07:07,295 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 45, 49]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 45-49 by worker securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 45-49 by worker securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 45-49 securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 19-45 securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Already merged with block 19-45 securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 19 securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Total range: 16-19 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 45-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 19-45 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 19-45 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 19 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 16-19 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 16-19 securityworker stdout | 2025-11-04 09:07:07,298 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 16 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 16-19 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 16 securityworker stdout | 2025-11-04 09:07:07,299 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 16, 26]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 16-26 by worker securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 16-26 by worker securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 16-26 securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 16 securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 26 securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] Total range: 26-16 securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 16-26 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 16 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 26 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 26-16 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:07,303 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,304 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 29, 39]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stdout | 2025-11-04 09:07:07,307 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stdout | 2025-11-04 09:07:07,307 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stdout | 2025-11-04 09:07:07,307 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 29-39 securityworker stdout | 2025-11-04 09:07:07,307 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:07:07,307 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,307 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:07:07,307 [93] [DEBUG] [util.migrate.allocator] Right range 29-39 securityworker stdout | 2025-11-04 09:07:07,307 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Right range 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stdout | 2025-11-04 09:07:07,307 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stdout | 2025-11-04 09:07:07,308 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 17, 27]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 17-27 by worker securityworker stdout | 2025-11-04 09:07:07,311 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 17-27 by worker securityworker stdout | 2025-11-04 09:07:07,312 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 17-27 securityworker stdout | 2025-11-04 09:07:07,312 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:07:07,312 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:07:07,312 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,312 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:07:07,312 [93] [DEBUG] [util.migrate.allocator] Left range 17-27 securityworker stdout | 2025-11-04 09:07:07,312 [93] [DEBUG] [util.migrate.allocator] Right range 29-39 securityworker stdout | 2025-11-04 09:07:07,312 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-29 securityworker stdout | 2025-11-04 09:07:07,312 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Left range 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Right range 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 27 securityworker stdout | 2025-11-04 09:07:07,313 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 27, 37]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 27-37 by worker securityworker stdout | 2025-11-04 09:07:07,316 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 27-37 by worker securityworker stdout | 2025-11-04 09:07:07,316 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 27-37 securityworker stdout | 2025-11-04 09:07:07,316 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 17-27 securityworker stdout | 2025-11-04 09:07:07,316 [93] [DEBUG] [util.migrate.allocator] Already merged with block 17-27 securityworker stdout | 2025-11-04 09:07:07,316 [93] [DEBUG] [util.migrate.allocator] Merging with block 29-39 securityworker stdout | 2025-11-04 09:07:07,316 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:07:07,316 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-39 securityworker stdout | 2025-11-04 09:07:07,317 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 27-37 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,317 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,317 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:07:07,317 [93] [DEBUG] [util.migrate.allocator] Left range 17-39 securityworker stdout | 2025-11-04 09:07:07,317 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 39-49 securityworker stdout | 2025-11-04 09:07:07,317 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Left range 17-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 39-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,317 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 39, 49]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 39-49 by worker securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 39-49 by worker securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 39-49 securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 17-39 securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Already merged with block 17-39 securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 17 securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Total range: 1-17 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 39-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 17-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 17-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 17 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-17 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-17 securityworker stdout | 2025-11-04 09:07:07,321 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 7 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-17 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 7 securityworker stdout | 2025-11-04 09:07:07,322 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 4, 14]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 4-14 by worker securityworker stdout | 2025-11-04 09:07:07,325 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 4-14 by worker securityworker stdout | 2025-11-04 09:07:07,325 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 4-14 securityworker stdout | 2025-11-04 09:07:07,325 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-14 securityworker stdout | 2025-11-04 09:07:07,325 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:07:07,325 [93] [DEBUG] [util.migrate.allocator] Total range: 1-17 securityworker stdout | 2025-11-04 09:07:07,325 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:07:07,325 [93] [DEBUG] [util.migrate.allocator] Left range 4-14 securityworker stdout | 2025-11-04 09:07:07,325 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 14-17 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-17 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Left range 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 14-17 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 14 securityworker stdout | 2025-11-04 09:07:07,325 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 14 securityworker stdout | 2025-11-04 09:07:07,326 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 14, 24]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 4-14 securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Already merged with block 4-14 securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 4 securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 4 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-4 securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Total range: 1-4 securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-4 securityworker stdout | 2025-11-04 09:07:07,330 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-4 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:07:07,331 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 1, 11]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:07,334 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,335 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 4, 14]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 4-14 by worker securityworker stdout | 2025-11-04 09:07:07,338 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 4-14 by worker securityworker stdout | 2025-11-04 09:07:07,338 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 4-14 securityworker stdout | 2025-11-04 09:07:07,338 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-14 securityworker stdout | 2025-11-04 09:07:07,338 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:07:07,338 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:07,338 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:07:07,338 [93] [DEBUG] [util.migrate.allocator] Right range 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Right range 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-4 securityworker stdout | 2025-11-04 09:07:07,338 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-4 securityworker stdout | 2025-11-04 09:07:07,338 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:07:07,339 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 1, 11]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] Merging with block 4-14 securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 14 securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] Total range: 14-49 securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 14-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 4-14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 14 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 14-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 14-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,343 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,344 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 17, 27]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 17-27 by worker securityworker stdout | 2025-11-04 09:07:07,347 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 17-27 by worker securityworker stdout | 2025-11-04 09:07:07,347 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 17-27 securityworker stdout | 2025-11-04 09:07:07,347 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-27 securityworker stdout | 2025-11-04 09:07:07,347 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:07:07,347 [93] [DEBUG] [util.migrate.allocator] Total range: 14-49 securityworker stdout | 2025-11-04 09:07:07,347 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:07:07,347 [93] [DEBUG] [util.migrate.allocator] Right range 17-27 securityworker stdout | 2025-11-04 09:07:07,347 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 14-17 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 14-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Right range 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 14-17 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 14 securityworker stdout | 2025-11-04 09:07:07,347 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 14 securityworker stdout | 2025-11-04 09:07:07,348 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 14, 24]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] Merging with block 17-27 securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 27 securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] Total range: 27-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 17-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 27-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-49 securityworker stdout | 2025-11-04 09:07:07,351 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,352 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 29, 39]) securityworker stdout | 2025-11-04 09:07:07,355 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stdout | 2025-11-04 09:07:07,355 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 29-39 securityworker stdout | 2025-11-04 09:07:07,355 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 29-39 securityworker stdout | 2025-11-04 09:07:07,356 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:07:07,356 [93] [DEBUG] [util.migrate.allocator] Total range: 27-49 securityworker stdout | 2025-11-04 09:07:07,356 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:07:07,356 [93] [DEBUG] [util.migrate.allocator] Left range 29-39 securityworker stdout | 2025-11-04 09:07:07,356 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 39-49 securityworker stdout | 2025-11-04 09:07:07,356 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 27-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Left range 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 39-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:07:07,356 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 39, 49]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 39-49 by worker securityworker stdout | 2025-11-04 09:07:07,359 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 39-49 by worker securityworker stdout | 2025-11-04 09:07:07,359 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 39-49 securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 29-39 securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [util.migrate.allocator] Already merged with block 29-39 securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 29 securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 39-49 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 29-39 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 27-29 securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [util.migrate.allocator] Total range: 27-29 securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-29 securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 27-29 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 27 securityworker stdout | 2025-11-04 09:07:07,360 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 2, 7, 257359), 27, 37]) securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 27-37 by worker securityworker stdout | 2025-11-04 09:07:07,364 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 27-37 by worker securityworker stdout | 2025-11-04 09:07:07,364 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 27-37 securityworker stdout | 2025-11-04 09:07:07,364 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 27 securityworker stdout | 2025-11-04 09:07:07,364 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 37 securityworker stdout | 2025-11-04 09:07:07,364 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:07,364 [93] [DEBUG] [util.migrate.allocator] Total range: 37-27 securityworker stdout | 2025-11-04 09:07:07,364 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:07,364 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 27-37 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 37 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] Total range: 37-27 securityworker stderr | 2025-11-04 09:07:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:07,364 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:37 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:07:07,444 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:07:07,445 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:37.446883+00:00 (in 30.001713 seconds) namespacegcworker stdout | 2025-11-04 09:07:07,445 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:07 GMT)" (scheduled at 2025-11-04 09:07:07.444700+00:00) namespacegcworker stdout | 2025-11-04 09:07:07,445 [76] [DEBUG] [workers.queueworker] Getting work item from queue. namespacegcworker stdout | 2025-11-04 09:07:07,446 [76] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 7, 445517), True, datetime.datetime(2025, 11, 4, 9, 7, 7, 445517), 0, 'namespacegc/%', 50, 1, 0]) namespacegcworker stdout | 2025-11-04 09:07:07,459 [76] [DEBUG] [workers.queueworker] No more work. namespacegcworker stdout | 2025-11-04 09:07:07,459 [76] [DEBUG] [data.database] Disconnecting from database. namespacegcworker stdout | 2025-11-04 09:07:07,459 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:07 GMT)" executed successfully securityworker stdout | 2025-11-04 09:07:07,663 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:07:07,854 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:07:09,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:07:09,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:19.156372+00:00 (in 9.999549 seconds) notificationworker stdout | 2025-11-04 09:07:09,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:19 GMT)" (scheduled at 2025-11-04 09:07:09.156372+00:00) notificationworker stdout | 2025-11-04 09:07:09,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:07:09,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 9, 157247), True, datetime.datetime(2025, 11, 4, 9, 7, 9, 157247), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:07:09,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:07:09,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:07:09,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:19 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:07:09,516 [249] [DEBUG] [app] Starting request: urn:request:9e18003e-b000-4d25-a4ff-b3ac7e0b1b2f (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:07:09,517 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:07:09,519 [264] [DEBUG] [app] Starting request: urn:request:526a6557-b933-4354-818a-afbeb4f39197 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:07:09,519 [264] [DEBUG] [app] Ending request: urn:request:526a6557-b933-4354-818a-afbeb4f39197 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:526a6557-b933-4354-818a-afbeb4f39197', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:07:09,520 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:07:09,520 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:09,521 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:07:09,523 [246] [DEBUG] [app] Starting request: urn:request:40cdbeef-b604-4225-b66e-3eb82d4b0cf9 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:07:09,524 [246] [DEBUG] [app] Ending request: urn:request:40cdbeef-b604-4225-b66e-3eb82d4b0cf9 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:40cdbeef-b604-4225-b66e-3eb82d4b0cf9', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:07:09,525 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:09,525 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:09,525 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:07:09,525 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:07:09,525 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:07:09,534 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:07:09,534 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:07:09,543 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:07:09,547 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:07:09,550 [249] [DEBUG] [app] Ending request: urn:request:9e18003e-b000-4d25-a4ff-b3ac7e0b1b2f (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:9e18003e-b000-4d25-a4ff-b3ac7e0b1b2f', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:07:09,550 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:07:09,551 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:07:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:07:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.035 118 0.035) gunicorn-web stdout | 2025-11-04 09:07:09,588 [249] [DEBUG] [app] Starting request: urn:request:18931ea0-68af-4279-8bde-d7562d6b7876 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:07:09,589 [257] [DEBUG] [app] Starting request: urn:request:95f70a66-39a7-46c8-81df-17c108c01f34 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:07:09,590 [257] [DEBUG] [app] Ending request: urn:request:95f70a66-39a7-46c8-81df-17c108c01f34 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:95f70a66-39a7-46c8-81df-17c108c01f34', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:07:09,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:09,590 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:07:09,591 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:07:09,593 [248] [DEBUG] [app] Starting request: urn:request:2c9f79e1-f255-42dd-92ef-51ee19a119c9 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:07:09,593 [248] [DEBUG] [app] Ending request: urn:request:2c9f79e1-f255-42dd-92ef-51ee19a119c9 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:2c9f79e1-f255-42dd-92ef-51ee19a119c9', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:07:09,593 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:09,593 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:09,594 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:07:09,594 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:07:09,594 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:07:09,602 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:07:09,602 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:07:09,612 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:07:09,616 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:07:09,619 [249] [DEBUG] [app] Ending request: urn:request:18931ea0-68af-4279-8bde-d7562d6b7876 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:18931ea0-68af-4279-8bde-d7562d6b7876', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:07:09,619 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:07:09,619 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:07:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:07:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) securityscanningnotificationworker stdout | 2025-11-04 09:07:10,744 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:07:10,744 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:27.745810+00:00 (in 17.001553 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:07:10,744 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:10 GMT)" (scheduled at 2025-11-04 09:07:10.743793+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:07:10,744 [87] [DEBUG] [workers.queueworker] Getting work item from queue. securityscanningnotificationworker stdout | 2025-11-04 09:07:10,745 [87] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 10, 744606), True, datetime.datetime(2025, 11, 4, 9, 7, 10, 744606), 0, 'secscanv4/%', 50, 1, 0]) securityscanningnotificationworker stdout | 2025-11-04 09:07:10,759 [87] [DEBUG] [workers.queueworker] No more work. securityscanningnotificationworker stdout | 2025-11-04 09:07:10,759 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:07:10,759 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:10 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:07:10,978 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:07:12,170 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:07:12,343 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:07:12,343 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:16.343350+00:00 (in 3.999919 seconds) exportactionlogsworker stdout | 2025-11-04 09:07:12,343 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:12:12 GMT)" (scheduled at 2025-11-04 09:07:12.342983+00:00) exportactionlogsworker stdout | 2025-11-04 09:07:12,344 [66] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [False, datetime.datetime(2025, 11, 4, 9, 7, 12, 343774), 'exportactionlogs/%']) exportactionlogsworker stdout | 2025-11-04 09:07:12,357 [66] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 7, 12, 343774), True, datetime.datetime(2025, 11, 4, 9, 7, 12, 343774), 0, 'exportactionlogs/%']) exportactionlogsworker stdout | 2025-11-04 09:07:12,361 [66] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) AND NOT ("t1"."queue_name" IN (SELECT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s)))))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 7, 12, 343774), True, datetime.datetime(2025, 11, 4, 9, 7, 12, 343774), 0, 'exportactionlogs/%', False, datetime.datetime(2025, 11, 4, 9, 7, 12, 343774), 'exportactionlogs/%']) exportactionlogsworker stdout | 2025-11-04 09:07:12,364 [66] [DEBUG] [data.database] Disconnecting from database. exportactionlogsworker stdout | 2025-11-04 09:07:12,364 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:12:12 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:07:12,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:07:12,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:42.952336+00:00 (in 29.999567 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:07:12,952 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:42 GMT)" (scheduled at 2025-11-04 09:07:12.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:07:12,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:07:12,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:07:12,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:42 GMT)" executed successfully gcworker stdout | 2025-11-04 09:07:13,483 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:07:14,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:07:14,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:24.140529+00:00 (in 9.999539 seconds) proxycacheblobworker stdout | 2025-11-04 09:07:14,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:24 GMT)" (scheduled at 2025-11-04 09:07:14.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:07:14,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:07:14,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 14, 141412), True, datetime.datetime(2025, 11, 4, 9, 7, 14, 141412), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:07:14,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:07:14,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:07:14,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:24 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:07:16,131 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:07:16,131 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:46.130127+00:00 (in 29.998723 seconds) autopruneworker stdout | 2025-11-04 09:07:16,131 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:46 GMT)" (scheduled at 2025-11-04 09:07:16.130127+00:00) autopruneworker stdout | 2025-11-04 09:07:16,139 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243636138, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:07:16,145 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:07:16,145 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:07:16,145 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:46 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:07:16,170 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:07:16,343 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:07:16,343 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:28.340417+00:00 (in 11.996640 seconds) exportactionlogsworker stdout | 2025-11-04 09:07:16,343 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:16 GMT)" (scheduled at 2025-11-04 09:07:16.343350+00:00) exportactionlogsworker stdout | 2025-11-04 09:07:16,344 [66] [DEBUG] [workers.queueworker] Running watchdog. exportactionlogsworker stdout | 2025-11-04 09:07:16,344 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:07:16,428 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:07:16,428 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:07:16,451 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:07:16,473 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:07:16,484 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:07:18,753 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:07:19,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:07:19,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:29.156372+00:00 (in 9.999532 seconds) notificationworker stdout | 2025-11-04 09:07:19,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:29 GMT)" (scheduled at 2025-11-04 09:07:19.156372+00:00) notificationworker stdout | 2025-11-04 09:07:19,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:07:19,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 19, 157209), True, datetime.datetime(2025, 11, 4, 9, 7, 19, 157209), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:07:19,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:07:19,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:07:19,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:29 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:07:19,245 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:07:19,245 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:20.247243+00:00 (in 1.001388 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:07:19,246 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:19 GMT)" (scheduled at 2025-11-04 09:07:19.245377+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:07:19,246 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."subject_backfilled" = %s) OR ("t1"."subject_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:07:19,259 [74] [DEBUG] [__main__] Manifest subject backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:07:19,259 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:07:19,259 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:19 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:07:19,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:07:19,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:49.635986+00:00 (in 29.999559 seconds) buildlogsarchiver stdout | 2025-11-04 09:07:19,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:49 GMT)" (scheduled at 2025-11-04 09:07:19.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:07:19,637 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 7, 19, 637428), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:07:19,650 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:07:19,650 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:07:19,650 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:49 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:07:20,247 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:07:20,247 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:19.245377+00:00 (in 58.997629 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:07:20,247 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:20 GMT)" (scheduled at 2025-11-04 09:07:20.247243+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:07:20,248 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."artifact_type_backfilled" = %s) OR ("t1"."artifact_type_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:07:20,261 [74] [DEBUG] [__main__] Manifest artifact_type backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:07:20,261 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:07:20,261 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:20 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:07:20,963 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: securityworker stdout | 2025-11-04 09:07:21,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:07:21,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:37.252445+00:00 (in 15.997203 seconds) securityworker stdout | 2025-11-04 09:07:21,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:51 GMT)" (scheduled at 2025-11-04 09:07:21.254713+00:00) securityworker stdout | 2025-11-04 09:07:21,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:07:21,256 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:07:21,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:07:21,262 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:07:21,274 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:21,274 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:21,274 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:21,274 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:07:21,275 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:21,279 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:21,279 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:07:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:07:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:07:21,279 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:21,279 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:07:21,280 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:21,280 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:21,280 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:21,280 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:21,280 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:07:21,281 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 2, 21, 262440), 1, 49]) securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:21,284 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:21,285 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:07:21,285 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 2, 21, 262440), 1, 49]) securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:21,288 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:21,288 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:07:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:07:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:07:21,288 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:21,288 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:07:21,289 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:21,289 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:07:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:21,289 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:51 GMT)" executed successfully servicekey stdout | 2025-11-04 09:07:21,670 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:07:21,877 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:07:21,964 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:07:22,370 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:24,015 [264] [DEBUG] [app] Starting request: urn:request:5b9cfa93-292d-4355-bca6-70b9a2004538 (/v2/) {'X-Forwarded-For': '183.241.154.170, 10.129.4.13'} gunicorn-registry stdout | 2025-11-04 09:07:24,015 [264] [DEBUG] [auth.registry_jwt_auth] Called with params: (), {} gunicorn-registry stdout | 2025-11-04 09:07:24,015 [264] [DEBUG] [auth.registry_jwt_auth] No auth header. gunicorn-registry stdout | 2025-11-04 09:07:24,016 [264] [DEBUG] [app] Ending request: urn:request:5b9cfa93-292d-4355-bca6-70b9a2004538 (/v2/) {'endpoint': 'v2.v2_support_enabled', 'request_id': 'urn:request:5b9cfa93-292d-4355-bca6-70b9a2004538', 'remote_addr': '10.129.4.13', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/v2/', 'path': '/v2/', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'containers/5.34.3 (github.com/containers/image)'} nginx stdout | 10.129.4.13 (-) - - [04/Nov/2025:09:07:24 +0000] "GET /v2/ HTTP/1.1" 401 4 "-" "containers/5.34.3 (github.com/containers/image)" (0.002 574 0.002) gunicorn-registry stdout | 2025-11-04 09:07:24,016 [264] [INFO] [gunicorn.access] 10.129.4.13 - - [04/Nov/2025:09:07:24 +0000] "GET /v2/ HTTP/1.1" 401 4 "-" "containers/5.34.3 (github.com/containers/image)" teamsyncworker stdout | 2025-11-04 09:07:24,062 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:07:24,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:07:24,140 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:27.142482+00:00 (in 3.001516 seconds) proxycacheblobworker stdout | 2025-11-04 09:07:24,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:34 GMT)" (scheduled at 2025-11-04 09:07:24.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:07:24,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:07:24,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 24, 141257), True, datetime.datetime(2025, 11, 4, 9, 7, 24, 141257), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:07:24,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:07:24,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:07:24,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:34 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:07:24,516 [246] [DEBUG] [app] Starting request: urn:request:bdb2955e-e0d1-459b-9b28-f3e8e139fd2b (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:07:24,517 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:07:24,519 [264] [DEBUG] [app] Starting request: urn:request:63ea4ae3-0b84-402d-bfa0-630e91b46317 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:07:24,519 [264] [DEBUG] [app] Ending request: urn:request:63ea4ae3-0b84-402d-bfa0-630e91b46317 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:63ea4ae3-0b84-402d-bfa0-630e91b46317', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:07:24,520 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:07:24,520 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:24,521 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:07:24,523 [249] [DEBUG] [app] Starting request: urn:request:e0013157-a33f-4c2b-ae55-34c96e6c8043 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:07:24,523 [249] [DEBUG] [app] Ending request: urn:request:e0013157-a33f-4c2b-ae55-34c96e6c8043 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:e0013157-a33f-4c2b-ae55-34c96e6c8043', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:07:24,523 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:07:24,523 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:24,524 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:07:24,524 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:07:24,524 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:07:24,532 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:07:24,532 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:07:24,542 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:07:24,545 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:07:24,548 [246] [DEBUG] [app] Ending request: urn:request:bdb2955e-e0d1-459b-9b28-f3e8e139fd2b (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:bdb2955e-e0d1-459b-9b28-f3e8e139fd2b', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:07:24,548 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:07:24,549 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:07:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:07:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.034 118 0.033) gunicorn-web stdout | 2025-11-04 09:07:24,587 [246] [DEBUG] [app] Starting request: urn:request:277827d6-703c-4750-abb3-3dc163e33d23 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:07:24,589 [257] [DEBUG] [app] Starting request: urn:request:dec0e2e4-c30d-4369-ad03-7f483c2bfa72 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:07:24,589 [257] [DEBUG] [app] Ending request: urn:request:dec0e2e4-c30d-4369-ad03-7f483c2bfa72 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:dec0e2e4-c30d-4369-ad03-7f483c2bfa72', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:07:24,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:24,590 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:07:24,591 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:07:24,592 [249] [DEBUG] [app] Starting request: urn:request:0d50b80c-7c19-48a8-87d1-9c198afbc1dc (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:07:24,592 [249] [DEBUG] [app] Ending request: urn:request:0d50b80c-7c19-48a8-87d1-9c198afbc1dc (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:0d50b80c-7c19-48a8-87d1-9c198afbc1dc', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:07:24,593 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:24,593 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.002) gunicorn-web stdout | 2025-11-04 09:07:24,593 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:07:24,593 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:07:24,593 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:07:24,600 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:07:24,600 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:07:24,610 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:07:24,613 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:07:24,616 [246] [DEBUG] [app] Ending request: urn:request:277827d6-703c-4750-abb3-3dc163e33d23 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:277827d6-703c-4750-abb3-3dc163e33d23', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:07:24,616 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:07:24,616 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:07:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:07:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.029 118 0.029) gunicorn-registry stdout | 2025-11-04 09:07:24,811 [257] [DEBUG] [app] Starting request: urn:request:ab7a4e25-4aa1-438e-bf65-3b9eaee333a2 (/v2/auth) {'X-Forwarded-For': '183.241.154.170, 10.129.4.13'} gunicorn-registry stdout | 2025-11-04 09:07:24,812 [257] [DEBUG] [endpoints.v2.v2auth] Request audience: quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com gunicorn-registry stdout | 2025-11-04 09:07:24,813 [257] [DEBUG] [endpoints.v2.v2auth] Scope request: ['repository:superorg/repo1:pull'] gunicorn-registry stdout | 2025-11-04 09:07:24,814 [257] [DEBUG] [endpoints.v2.v2auth] Match: ('superorg/repo1', 'superorg/repo1', 'pull') gunicorn-registry stdout | 2025-11-04 09:07:24,826 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['superorg', 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:24,826 [257] [DEBUG] [peewee.pool] No connection available in pool. gunicorn-registry stdout | 2025-11-04 09:07:24,834 [257] [DEBUG] [peewee.pool] Created new connection 140180670233024. gunicorn-registry stdout | 2025-11-04 09:07:24,840 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:24,845 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:24,848 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:24,851 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1"', []) gunicorn-registry stdout | 2025-11-04 09:07:24,855 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['public', 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:24,858 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."organization_id", "t1"."creation_date", "t1"."upstream_registry", "t1"."upstream_registry_username", "t1"."upstream_registry_password", "t1"."expiration_s", "t1"."insecure" FROM "proxycacheconfig" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") WHERE (("t2"."username" = %s) AND ("t2"."organization" = %s)) LIMIT %s OFFSET %s', ['superorg', True, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:24,908 [257] [DEBUG] [app] Ending request: urn:request:ab7a4e25-4aa1-438e-bf65-3b9eaee333a2 (/v2/auth) {'endpoint': 'v2.generate_registry_jwt', 'request_id': 'urn:request:ab7a4e25-4aa1-438e-bf65-3b9eaee333a2', 'remote_addr': '10.129.4.13', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/v2/auth?scope=repository:superorg/repo1:pull&service=quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com', 'path': '/v2/auth', 'parameters': {'scope': 'repository:superorg/repo1:pull', 'service': 'quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com'}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'containers/5.34.3 (github.com/containers/image)'} gunicorn-registry stdout | 2025-11-04 09:07:24,908 [257] [DEBUG] [data.database] Disconnecting from database. gunicorn-registry stdout | 2025-11-04 09:07:24,908 [257] [DEBUG] [peewee.pool] Returning 140180670233024 to pool. nginx stdout | 10.129.4.13 (-) - - [04/Nov/2025:09:07:24 +0000] "GET /v2/auth?scope=repository%3Asuperorg%2Frepo1%3Apull&service=quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com HTTP/1.1" 200 937 "-" "containers/5.34.3 (github.com/containers/image)" (0.097 670 0.097) gunicorn-registry stdout | 2025-11-04 09:07:24,908 [257] [INFO] [gunicorn.access] 10.129.4.13 - - [04/Nov/2025:09:07:24 +0000] "GET /v2/auth?scope=repository%3Asuperorg%2Frepo1%3Apull&service=quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com HTTP/1.1" 200 937 "-" "containers/5.34.3 (github.com/containers/image)" gunicorn-registry stdout | 2025-11-04 09:07:25,170 [257] [DEBUG] [app] Starting request: urn:request:8f71ec0f-02f1-4a21-a5b4-174c21de4b48 (/v2/superorg/repo1/manifests/busybox) {'X-Forwarded-For': '183.241.154.170, 10.129.4.13'} gunicorn-registry stdout | 2025-11-04 09:07:25,171 [257] [DEBUG] [auth.registry_jwt_auth] Called with params: (), {'manifest_ref': 'busybox', 'namespace_name': 'superorg', 'repo_name': 'repo1'} gunicorn-registry stdout | 2025-11-04 09:07:25,171 [257] [DEBUG] [auth.registry_jwt_auth] Validating auth header: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IllpRTZPa3RFYzJodEg2ZWxQN1lNSVFJNmdqOXBIbzRTR05Nczc0TzRnLTAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJxdWF5IiwiYXVkIjoicXVheXJlZ2lzdHJ5LXF1YXktcXVheS1lbnRlcnByaXNlLTE1NTA5LmFwcHMucXVheXRlc3QtMTU1MDkucWUuZGV2Y2x1c3Rlci5vcGVuc2hpZnQuY29tIiwibmJmIjoxNzYyMjQ3MjQ0LCJpYXQiOjE3NjIyNDcyNDQsImV4cCI6MTc2MjI1MDg0NCwic3ViIjoiKGFub255bW91cykiLCJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6InN1cGVyb3JnL3JlcG8xIiwiYWN0aW9ucyI6WyJwdWxsIl19XSwiY29udGV4dCI6eyJjb20uYXBvc3RpbGxlLnJvb3RzIjp7InN1cGVyb3JnL3JlcG8xIjoiJGRpc2FibGVkIn0sImNvbS5hcG9zdGlsbGUucm9vdCI6IiRkaXNhYmxlZCJ9fQ.EGAY-u_f4omkYzZLYcAtywi7N5Jqhp3wqwWGPUucFUnE4Q_Ca2Gj-asvAkHjfneRB_AF-gHm7OfcK1wkWaUmsM5dtaKoxdismDFBKzsH8Rp_0-Ma7llSsImf4HCNgl8RIRXPbV5sd2TVXGoGSzIiSw7ipSBT9kCSqpxflxoBceWsZYaxnJa85w3MsxeJColgnCzJadp-So5-NPgo_xC41IKTz36_QeEIGhP4EiTde6x2MiDwRbFkqkjRWp18hiW1VGuTMr_H5OG7iafZatzevZQLWyDH53OBEvPa1AEzAUiGEq_GUe6-dF2Bj-hp4B0UIYheHRM_o-0TGEnnreNsJw gunicorn-registry stdout | 2025-11-04 09:07:25,171 [257] [DEBUG] [util.security.registry_jwt] encoded JWT: eyJhbGciOiJSUzI1NiIsImtpZCI6IllpRTZPa3RFYzJodEg2ZWxQN1lNSVFJNmdqOXBIbzRTR05Nczc0TzRnLTAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJxdWF5IiwiYXVkIjoicXVheXJlZ2lzdHJ5LXF1YXktcXVheS1lbnRlcnByaXNlLTE1NTA5LmFwcHMucXVheXRlc3QtMTU1MDkucWUuZGV2Y2x1c3Rlci5vcGVuc2hpZnQuY29tIiwibmJmIjoxNzYyMjQ3MjQ0LCJpYXQiOjE3NjIyNDcyNDQsImV4cCI6MTc2MjI1MDg0NCwic3ViIjoiKGFub255bW91cykiLCJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6InN1cGVyb3JnL3JlcG8xIiwiYWN0aW9ucyI6WyJwdWxsIl19XSwiY29udGV4dCI6eyJjb20uYXBvc3RpbGxlLnJvb3RzIjp7InN1cGVyb3JnL3JlcG8xIjoiJGRpc2FibGVkIn0sImNvbS5hcG9zdGlsbGUucm9vdCI6IiRkaXNhYmxlZCJ9fQ.EGAY-u_f4omkYzZLYcAtywi7N5Jqhp3wqwWGPUucFUnE4Q_Ca2Gj-asvAkHjfneRB_AF-gHm7OfcK1wkWaUmsM5dtaKoxdismDFBKzsH8Rp_0-Ma7llSsImf4HCNgl8RIRXPbV5sd2TVXGoGSzIiSw7ipSBT9kCSqpxflxoBceWsZYaxnJa85w3MsxeJColgnCzJadp-So5-NPgo_xC41IKTz36_QeEIGhP4EiTde6x2MiDwRbFkqkjRWp18hiW1VGuTMr_H5OG7iafZatzevZQLWyDH53OBEvPa1AEzAUiGEq_GUe6-dF2Bj-hp4B0UIYheHRM_o-0TGEnnreNsJw gunicorn-registry stdout | 2025-11-04 09:07:25,172 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."kid", "t1"."service", "t1"."jwk", "t1"."metadata", "t1"."created_date", "t1"."expiration_date", "t1"."rotation_duration", "t1"."approval_id" FROM "servicekey" AS "t1" LEFT OUTER JOIN "servicekeyapproval" AS "t2" ON ("t1"."approval_id" = "t2"."id") WHERE ((((NOT ("t1"."approval_id" IS %s) AND (("t1"."expiration_date" > %s) OR ("t1"."expiration_date" IS %s))) AND ("t1"."service" = %s)) AND (NOT (("t1"."service" = %s) AND ("t1"."expiration_date" <= %s)) OR NOT ((("t1"."service" = %s) AND ("t1"."approval_id" IS %s)) AND ("t1"."created_date" <= %s)))) AND (NOT ("t1"."expiration_date" <= %s) OR ("t1"."expiration_date" IS %s)))', [None, datetime.datetime(2025, 11, 4, 9, 7, 25, 171512), None, 'quay', 'quay', datetime.datetime(2025, 11, 4, 9, 7, 25, 171556), 'quay', None, datetime.datetime(2025, 11, 3, 9, 7, 25, 171591), datetime.datetime(2025, 10, 28, 9, 7, 25, 171616), None]) gunicorn-registry stdout | 2025-11-04 09:07:25,179 [257] [DEBUG] [auth.permissions] Identity loaded: gunicorn-registry stdout | 2025-11-04 09:07:25,179 [257] [DEBUG] [auth.permissions] Loaded signed_jwt identity for: (anonymous) gunicorn-registry stdout | 2025-11-04 09:07:25,179 [257] [DEBUG] [auth.registry_jwt_auth] Identity changed to (anonymous) gunicorn-registry stdout | 2025-11-04 09:07:25,179 [257] [DEBUG] [auth.registry_jwt_auth] Auth context set to {'com.apostille.roots': {'superorg/repo1': '$disabled'}, 'com.apostille.root': '$disabled'} gunicorn-registry stdout | 2025-11-04 09:07:25,180 [257] [DEBUG] [endpoints.v2] Checking permission for repo: superorg/repo1 gunicorn-registry stdout | 2025-11-04 09:07:25,180 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."organization_id", "t1"."creation_date", "t1"."upstream_registry", "t1"."upstream_registry_username", "t1"."upstream_registry_password", "t1"."expiration_s", "t1"."insecure" FROM "proxycacheconfig" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") WHERE (("t2"."username" = %s) AND ("t2"."organization" = %s)) LIMIT %s OFFSET %s', ['superorg', True, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,184 [257] [DEBUG] [endpoints.decorators] Skipping pull through proxy cache: instance matching query does not exist: gunicorn-registry stdout | SQL: SELECT "t1"."id", "t1"."organization_id", "t1"."creation_date", "t1"."upstream_registry", "t1"."upstream_registry_username", "t1"."upstream_registry_password", "t1"."expiration_s", "t1"."insecure" FROM "proxycacheconfig" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") WHERE (("t2"."username" = %s) AND ("t2"."organization" = %s)) LIMIT %s OFFSET %s gunicorn-registry stdout | Params: ['superorg', True, 1, 0] gunicorn-registry stdout | 2025-11-04 09:07:25,184 [257] [DEBUG] [data.cache.cache_key] Loading repository lookup from cache_key: repository_lookup_superorg_repo1_busybox gunicorn-registry stdout | 2025-11-04 09:07:25,184 [257] [DEBUG] [data.cache.impl] Checking cache for key repository_lookup_superorg_repo1_busybox gunicorn-registry stdout | 2025-11-04 09:07:25,185 [257] [DEBUG] [data.cache.impl] Found no result in cache for key repository_lookup_superorg_repo1_busybox; calling loader gunicorn-registry stdout | 2025-11-04 09:07:25,186 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,190 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,193 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,196 [257] [DEBUG] [data.cache.impl] Got loaded result for key repository_lookup_superorg_repo1_busybox: {'id': 9, 'visibility': {'id': 1, 'name': 'public'}, 'kind': {'id': 1, 'name': 'image'}, 'state': , 'namespace_user': {'stripe_id': None}} gunicorn-registry stdout | 2025-11-04 09:07:25,196 [257] [DEBUG] [data.cache.impl] Caching loaded result for key repository_lookup_superorg_repo1_busybox with expiration {'id': 9, 'visibility': {'id': 1, 'name': 'public'}, 'kind': {'id': 1, 'name': 'image'}, 'state': , 'namespace_user': {'stripe_id': None}}: 120s gunicorn-registry stdout | 2025-11-04 09:07:25,196 [257] [DEBUG] [data.cache.impl] Cached loaded result for key repository_lookup_superorg_repo1_busybox with expiration {'id': 9, 'visibility': {'id': 1, 'name': 'public'}, 'kind': {'id': 1, 'name': 'image'}, 'state': , 'namespace_user': {'stripe_id': None}}: 120s gunicorn-registry stdout | 2025-11-04 09:07:25,197 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."repository_id", "t2"."digest", "t2"."media_type_id", "t2"."manifest_bytes", "t2"."config_media_type", "t2"."layers_compressed_size", "t2"."subject", "t2"."subject_backfilled", "t2"."artifact_type", "t2"."artifact_type_backfilled" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."name" = %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'busybox', None, 1762247245197, False, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,203 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "mediatype" AS "t1"', []) gunicorn-registry stdout | 2025-11-04 09:07:25,206 [257] [DEBUG] [util.audit] Checking publishing pull_repo to the user events system gunicorn-registry stdout | 2025-11-04 09:07:25,207 [257] [DEBUG] [util.audit] Resolving IP address 10.129.4.13 gunicorn-registry stdout | 2025-11-04 09:07:25,208 [257] [DEBUG] [util.audit] Resolved IP address 10.129.4.13 gunicorn-registry stdout | 2025-11-04 09:07:25,208 [257] [DEBUG] [util.audit] Logging the pull_repo to logs system gunicorn-registry stdout | 2025-11-04 09:07:25,209 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['superorg', 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,212 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "logentrykind" AS "t1"', []) gunicorn-registry stdout | 2025-11-04 09:07:25,216 [257] [DEBUG] [peewee] ('INSERT INTO "logentry3" ("kind_id", "account_id", "performer_id", "repository_id", "datetime", "ip", "metadata_json") VALUES (%s, %s, %s, %s, %s, %s, %s) RETURNING "logentry3"."id"', [41, 4, None, 9, datetime.datetime(2025, 11, 4, 9, 7, 25, 208313), '10.129.4.13', '{"repo": "repo1", "namespace": "superorg", "user-agent": "containers/5.34.3 (github.com/containers/image)", "tag": "busybox", "resolved_ip": {"provider": "internet", "service": null, "sync_token": "1645662201", "country_iso_code": null, "aws_region": null, "continent": null}}']) gunicorn-registry stdout | 2025-11-04 09:07:25,221 [257] [DEBUG] [util.audit] Track and log of pull_repo complete gunicorn-registry stdout | 2025-11-04 09:07:25,222 [257] [DEBUG] [app] Ending request: urn:request:8f71ec0f-02f1-4a21-a5b4-174c21de4b48 (/v2/superorg/repo1/manifests/busybox) {'endpoint': 'v2.fetch_manifest_by_tagname', 'request_id': 'urn:request:8f71ec0f-02f1-4a21-a5b4-174c21de4b48', 'remote_addr': '10.129.4.13', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/v2/superorg/repo1/manifests/busybox', 'path': '/v2/superorg/repo1/manifests/busybox', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'containers/5.34.3 (github.com/containers/image)'} gunicorn-registry stdout | 2025-11-04 09:07:25,222 [257] [DEBUG] [data.database] Disconnecting from database. gunicorn-registry stdout | 2025-11-04 09:07:25,222 [257] [DEBUG] [peewee.pool] Returning 140180670233024 to pool. gunicorn-registry stdout | 2025-11-04 09:07:25,223 [257] [INFO] [gunicorn.access] 10.129.4.13 - - [04/Nov/2025:09:07:25 +0000] "GET /v2/superorg/repo1/manifests/busybox HTTP/1.1" 200 2295 "-" "containers/5.34.3 (github.com/containers/image)" nginx stdout | 10.129.4.13 (-) - - [04/Nov/2025:09:07:25 +0000] "GET /v2/superorg/repo1/manifests/busybox HTTP/1.1" 200 2295 "-" "containers/5.34.3 (github.com/containers/image)" (0.054 1913 0.054) gunicorn-registry stdout | 2025-11-04 09:07:25,229 [257] [DEBUG] [util.pullmetrics] Tracked tag pull: repo_id=9 tag=busybox digest=sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83 globalpromstats stdout | 2025-11-04 09:07:25,654 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:25,798 [257] [DEBUG] [app] Starting request: urn:request:ed185666-f255-47d2-914c-a824cd5b5338 (/v2/superorg/repo1/blobs/sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6) {'X-Forwarded-For': '183.241.154.170, 10.129.4.13'} gunicorn-registry stdout | 2025-11-04 09:07:25,798 [257] [DEBUG] [auth.registry_jwt_auth] Called with params: (), {'digest': 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'namespace_name': 'superorg', 'repo_name': 'repo1'} gunicorn-registry stdout | 2025-11-04 09:07:25,798 [257] [DEBUG] [auth.registry_jwt_auth] Validating auth header: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IllpRTZPa3RFYzJodEg2ZWxQN1lNSVFJNmdqOXBIbzRTR05Nczc0TzRnLTAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJxdWF5IiwiYXVkIjoicXVheXJlZ2lzdHJ5LXF1YXktcXVheS1lbnRlcnByaXNlLTE1NTA5LmFwcHMucXVheXRlc3QtMTU1MDkucWUuZGV2Y2x1c3Rlci5vcGVuc2hpZnQuY29tIiwibmJmIjoxNzYyMjQ3MjQ0LCJpYXQiOjE3NjIyNDcyNDQsImV4cCI6MTc2MjI1MDg0NCwic3ViIjoiKGFub255bW91cykiLCJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6InN1cGVyb3JnL3JlcG8xIiwiYWN0aW9ucyI6WyJwdWxsIl19XSwiY29udGV4dCI6eyJjb20uYXBvc3RpbGxlLnJvb3RzIjp7InN1cGVyb3JnL3JlcG8xIjoiJGRpc2FibGVkIn0sImNvbS5hcG9zdGlsbGUucm9vdCI6IiRkaXNhYmxlZCJ9fQ.EGAY-u_f4omkYzZLYcAtywi7N5Jqhp3wqwWGPUucFUnE4Q_Ca2Gj-asvAkHjfneRB_AF-gHm7OfcK1wkWaUmsM5dtaKoxdismDFBKzsH8Rp_0-Ma7llSsImf4HCNgl8RIRXPbV5sd2TVXGoGSzIiSw7ipSBT9kCSqpxflxoBceWsZYaxnJa85w3MsxeJColgnCzJadp-So5-NPgo_xC41IKTz36_QeEIGhP4EiTde6x2MiDwRbFkqkjRWp18hiW1VGuTMr_H5OG7iafZatzevZQLWyDH53OBEvPa1AEzAUiGEq_GUe6-dF2Bj-hp4B0UIYheHRM_o-0TGEnnreNsJw gunicorn-registry stdout | 2025-11-04 09:07:25,798 [257] [DEBUG] [util.security.registry_jwt] encoded JWT: eyJhbGciOiJSUzI1NiIsImtpZCI6IllpRTZPa3RFYzJodEg2ZWxQN1lNSVFJNmdqOXBIbzRTR05Nczc0TzRnLTAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJxdWF5IiwiYXVkIjoicXVheXJlZ2lzdHJ5LXF1YXktcXVheS1lbnRlcnByaXNlLTE1NTA5LmFwcHMucXVheXRlc3QtMTU1MDkucWUuZGV2Y2x1c3Rlci5vcGVuc2hpZnQuY29tIiwibmJmIjoxNzYyMjQ3MjQ0LCJpYXQiOjE3NjIyNDcyNDQsImV4cCI6MTc2MjI1MDg0NCwic3ViIjoiKGFub255bW91cykiLCJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6InN1cGVyb3JnL3JlcG8xIiwiYWN0aW9ucyI6WyJwdWxsIl19XSwiY29udGV4dCI6eyJjb20uYXBvc3RpbGxlLnJvb3RzIjp7InN1cGVyb3JnL3JlcG8xIjoiJGRpc2FibGVkIn0sImNvbS5hcG9zdGlsbGUucm9vdCI6IiRkaXNhYmxlZCJ9fQ.EGAY-u_f4omkYzZLYcAtywi7N5Jqhp3wqwWGPUucFUnE4Q_Ca2Gj-asvAkHjfneRB_AF-gHm7OfcK1wkWaUmsM5dtaKoxdismDFBKzsH8Rp_0-Ma7llSsImf4HCNgl8RIRXPbV5sd2TVXGoGSzIiSw7ipSBT9kCSqpxflxoBceWsZYaxnJa85w3MsxeJColgnCzJadp-So5-NPgo_xC41IKTz36_QeEIGhP4EiTde6x2MiDwRbFkqkjRWp18hiW1VGuTMr_H5OG7iafZatzevZQLWyDH53OBEvPa1AEzAUiGEq_GUe6-dF2Bj-hp4B0UIYheHRM_o-0TGEnnreNsJw gunicorn-registry stdout | 2025-11-04 09:07:25,799 [257] [DEBUG] [auth.permissions] Identity loaded: gunicorn-registry stdout | 2025-11-04 09:07:25,799 [257] [DEBUG] [auth.permissions] Loaded signed_jwt identity for: (anonymous) gunicorn-registry stdout | 2025-11-04 09:07:25,799 [257] [DEBUG] [auth.registry_jwt_auth] Identity changed to (anonymous) gunicorn-registry stdout | 2025-11-04 09:07:25,799 [257] [DEBUG] [auth.registry_jwt_auth] Auth context set to {'com.apostille.roots': {'superorg/repo1': '$disabled'}, 'com.apostille.root': '$disabled'} gunicorn-registry stdout | 2025-11-04 09:07:25,799 [257] [DEBUG] [endpoints.v2] Checking permission for repo: superorg/repo1 gunicorn-registry stdout | 2025-11-04 09:07:25,799 [257] [DEBUG] [data.cache.impl] Checking cache for key geo_restrictions__superorg gunicorn-registry stdout | 2025-11-04 09:07:25,799 [257] [DEBUG] [data.cache.impl] Found no result in cache for key geo_restrictions__superorg; calling loader gunicorn-registry stdout | 2025-11-04 09:07:25,800 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."added", "t1"."description", "t1"."unstructured_json", "t1"."restricted_region_iso_code" FROM "namespacegeorestriction" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-registry stdout | 2025-11-04 09:07:25,804 [257] [DEBUG] [data.cache.impl] Got loaded result for key geo_restrictions__superorg: [] gunicorn-registry stdout | 2025-11-04 09:07:25,804 [257] [DEBUG] [data.cache.impl] Caching loaded result for key geo_restrictions__superorg with expiration []: 240s gunicorn-registry stdout | 2025-11-04 09:07:25,804 [257] [DEBUG] [data.cache.impl] Cached loaded result for key geo_restrictions__superorg with expiration []: 240s gunicorn-registry stdout | 2025-11-04 09:07:25,805 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."organization_id", "t1"."creation_date", "t1"."upstream_registry", "t1"."upstream_registry_username", "t1"."upstream_registry_password", "t1"."expiration_s", "t1"."insecure" FROM "proxycacheconfig" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") WHERE (("t2"."username" = %s) AND ("t2"."organization" = %s)) LIMIT %s OFFSET %s', ['superorg', True, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,808 [257] [DEBUG] [endpoints.decorators] Skipping pull through proxy cache: instance matching query does not exist: gunicorn-registry stdout | SQL: SELECT "t1"."id", "t1"."organization_id", "t1"."creation_date", "t1"."upstream_registry", "t1"."upstream_registry_username", "t1"."upstream_registry_password", "t1"."expiration_s", "t1"."insecure" FROM "proxycacheconfig" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") WHERE (("t2"."username" = %s) AND ("t2"."organization" = %s)) LIMIT %s OFFSET %s gunicorn-registry stdout | Params: ['superorg', True, 1, 0] gunicorn-registry stdout | 2025-11-04 09:07:25,808 [257] [DEBUG] [data.cache.impl] Checking cache for key repo_blob__superorg_repo1_sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6_2 gunicorn-registry stdout | 2025-11-04 09:07:25,809 [257] [DEBUG] [data.cache.impl] Found no result in cache for key repo_blob__superorg_repo1_sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6_2; calling loader gunicorn-registry stdout | 2025-11-04 09:07:25,810 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,814 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,817 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,821 [257] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 1, 0]) gunicorn-registry stdout | 2025-11-04 09:07:25,825 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d82d7341-fba3-4ba1-be5d-73f5c5a06d4d']) gunicorn-registry stdout | 2025-11-04 09:07:25,828 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "imagestoragelocation" AS "t1"', []) gunicorn-registry stdout | 2025-11-04 09:07:25,831 [257] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d82d7341-fba3-4ba1-be5d-73f5c5a06d4d']) gunicorn-registry stdout | 2025-11-04 09:07:25,834 [257] [DEBUG] [data.cache.impl] Got loaded result for key repo_blob__superorg_repo1_sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6_2: {'uuid': 'd82d7341-fba3-4ba1-be5d-73f5c5a06d4d', 'digest': 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'compressed_size': 1472, 'uncompressed_size': None, 'uploading': True, 'db_id': 86, 'inputs': {'placements': ['local_us'], 'storage_path': 'sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'}} gunicorn-registry stdout | 2025-11-04 09:07:25,834 [257] [DEBUG] [data.cache.impl] Caching loaded result for key repo_blob__superorg_repo1_sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6_2 with expiration {'uuid': 'd82d7341-fba3-4ba1-be5d-73f5c5a06d4d', 'digest': 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'compressed_size': 1472, 'uncompressed_size': None, 'uploading': True, 'db_id': 86, 'inputs': {'placements': ['local_us'], 'storage_path': 'sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'}}: 60s gunicorn-registry stdout | 2025-11-04 09:07:25,835 [257] [DEBUG] [data.cache.impl] Cached loaded result for key repo_blob__superorg_repo1_sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6_2 with expiration {'uuid': 'd82d7341-fba3-4ba1-be5d-73f5c5a06d4d', 'digest': 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'compressed_size': 1472, 'uncompressed_size': None, 'uploading': True, 'db_id': 86, 'inputs': {'placements': ['local_us'], 'storage_path': 'sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'}}: 60s gunicorn-registry stdout | 2025-11-04 09:07:25,835 [257] [DEBUG] [endpoints.v2.blob] Looking up the direct download URL for path: sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 gunicorn-registry stdout | 2025-11-04 09:07:25,835 [257] [DEBUG] [endpoints.v2.blob] Checking for namespace superorg gunicorn-registry stdout | 2025-11-04 09:07:25,836 [257] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/endpoints.json gunicorn-registry stdout | 2025-11-04 09:07:25,853 [257] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/sdk-default-configuration.json gunicorn-registry stdout | 2025-11-04 09:07:25,854 [257] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler quotaregistrysizeworker stdout | 2025-11-04 09:07:25,870 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:25,874 [257] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/service-2.json gunicorn-registry stdout | 2025-11-04 09:07:25,895 [257] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/s3/2006-03-01/endpoint-rule-set-1.json gunicorn-registry stdout | 2025-11-04 09:07:25,898 [257] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/partitions.json gunicorn-registry stdout | 2025-11-04 09:07:25,899 [257] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,899 [257] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7f7e5c1f1a80> gunicorn-registry stdout | 2025-11-04 09:07:25,913 [257] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,921 [257] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-registry stdout | 2025-11-04 09:07:25,923 [257] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/botocore/data/_retry.json gunicorn-registry stdout | 2025-11-04 09:07:25,923 [257] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-registry stdout | 2025-11-04 09:07:25,924 [257] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-registry stdout | 2025-11-04 09:07:25,938 [257] [DEBUG] [botocore.loaders] Loading JSON file: /opt/app-root/lib64/python3.12/site-packages/boto3/data/s3/2006-03-01/resources-1.json gunicorn-registry stdout | 2025-11-04 09:07:25,939 [257] [DEBUG] [botocore.hooks] Event choose-service-name: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,940 [257] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,940 [257] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler ._handler at 0x7f7e5c1f1a80> gunicorn-registry stdout | 2025-11-04 09:07:25,940 [257] [DEBUG] [botocore.hooks] Event creating-client-class.s3: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,942 [257] [DEBUG] [botocore.endpoint] Setting s3 timeout as (60, 60) gunicorn-registry stdout | 2025-11-04 09:07:25,944 [257] [DEBUG] [botocore.client] Registering retry handlers for service: s3 gunicorn-registry stdout | 2025-11-04 09:07:25,944 [257] [DEBUG] [botocore.utils] Registering S3 region redirector handler gunicorn-registry stdout | 2025-11-04 09:07:25,944 [257] [DEBUG] [boto3.resources.factory] Loading s3:s3 gunicorn-registry stdout | 2025-11-04 09:07:25,945 [257] [DEBUG] [boto3.resources.factory] Loading s3:Bucket gunicorn-registry stdout | 2025-11-04 09:07:25,945 [257] [DEBUG] [boto3.resources.model] Renaming Bucket attribute name gunicorn-registry stdout | 2025-11-04 09:07:25,946 [257] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Bucket: calling handler ._handler at 0x7f7e5c1f1da0> gunicorn-registry stdout | 2025-11-04 09:07:25,946 [257] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,946 [257] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,946 [257] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,946 [257] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,947 [257] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,947 [257] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,947 [257] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-registry stdout | 2025-11-04 09:07:25,947 [257] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-registry stdout | 2025-11-04 09:07:25,948 [257] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-registry stdout | 2025-11-04 09:07:25,948 [257] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-registry stdout | 2025-11-04 09:07:25,948 [257] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,948 [257] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,948 [257] [DEBUG] [botocore.hooks] Event before-call.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,948 [257] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=HeadBucket) with params: {'url_path': '', 'query_string': {}, 'method': 'HEAD', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-registry stdout | 2025-11-04 09:07:25,948 [257] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,949 [257] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,949 [257] [DEBUG] [botocore.hooks] Event choose-signer.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,949 [257] [DEBUG] [botocore.hooks] Event before-sign.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,949 [257] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-registry stdout | 2025-11-04 09:07:25,949 [257] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-registry stdout | HEAD gunicorn-registry stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-registry stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-registry stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-registry stdout | x-amz-date:20251104T090725Z gunicorn-registry stdout | host;x-amz-content-sha256;x-amz-date gunicorn-registry stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-registry stdout | 2025-11-04 09:07:25,949 [257] [DEBUG] [botocore.auth] StringToSign: gunicorn-registry stdout | AWS4-HMAC-SHA256 gunicorn-registry stdout | 20251104T090725Z gunicorn-registry stdout | 20251104/us-east-1/s3/aws4_request gunicorn-registry stdout | b311e99607f056848dc4cbfd51251caf2877eb3398475c8ff4c7cb99aebb7b85 gunicorn-registry stdout | 2025-11-04 09:07:25,949 [257] [DEBUG] [botocore.auth] Signature: gunicorn-registry stdout | 9f34c0c93d80bf61fa7e5973828fb6fb5643ab70ba6dd878ece919f0c977f182 gunicorn-registry stdout | 2025-11-04 09:07:25,949 [257] [DEBUG] [botocore.hooks] Event request-created.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,949 [257] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-registry stdout | 2025-11-04 09:07:25,950 [257] [DEBUG] [botocore.hooks] Event before-send.s3.HeadBucket: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,950 [257] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61', 'X-Amz-Date': b'20251104T090725Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=9f34c0c93d80bf61fa7e5973828fb6fb5643ab70ba6dd878ece919f0c977f182', 'amz-sdk-invocation-id': b'0b997500-5d75-42d0-869c-ac5028d7d4be', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-registry stdout | 2025-11-04 09:07:25,951 [257] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-registry stdout | 2025-11-04 09:07:25,951 [257] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (1): s3.openshift-storage.svc.cluster.local:443 gcworker stdout | 2025-11-04 09:07:25,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:07:25,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:34.952363+00:00 (in 8.995308 seconds) gcworker stdout | 2025-11-04 09:07:25,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:55 GMT)" (scheduled at 2025-11-04 09:07:25.956600+00:00) gcworker stdout | 2025-11-04 09:07:25,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:07:25,969 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246945969, None, 1, 0]) gcworker stdout | 2025-11-04 09:07:25,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:07:25,974 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:07:55 GMT)" executed successfully gunicorn-registry stdout | 2025-11-04 09:07:25,993 [257] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "HEAD /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 HTTP/1.1" 200 0 gunicorn-registry stdout | 2025-11-04 09:07:25,993 [257] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcidgg-2kdm4m-r51', 'x-amz-id-2': 'mhkcidgg-2kdm4m-r51', 'Date': 'Tue, 04 Nov 2025 09:07:25 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-registry stdout | 2025-11-04 09:07:25,994 [257] [DEBUG] [botocore.parsers] Response body: gunicorn-registry stdout | b'' gunicorn-registry stdout | 2025-11-04 09:07:25,994 [257] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,994 [257] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-registry stdout | 2025-11-04 09:07:25,994 [257] [DEBUG] [botocore.hooks] Event needs-retry.s3.HeadBucket: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,994 [257] [DEBUG] [botocore.hooks] Event after-call.s3.HeadBucket: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-registry stdout | 2025-11-04 09:07:25,995 [257] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-registry stdout | 2025-11-04 09:07:25,996 [257] [DEBUG] [botocore.auth] Calculating signature using hmacv1 auth. gunicorn-registry stdout | 2025-11-04 09:07:25,996 [257] [DEBUG] [botocore.auth] HTTP request method: GET gunicorn-registry stdout | 2025-11-04 09:07:25,996 [257] [DEBUG] [botocore.auth] StringToSign: gunicorn-registry stdout | GET gunicorn-registry stdout | 1762247845 gunicorn-registry stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 gunicorn-registry stdout | 2025-11-04 09:07:26,040 [257] [DEBUG] [storage.downloadproxy] Proxying via URL https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/_storage_proxy/ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklsbHBSVFpQYTNSRll6Sm9kRWcyWld4UU4xbE5TVkZKTm1kcU9YQklielJUUjA1TmN6YzBUelJuTFRBaUxDSjBlWEFpT2lKS1YxUWlmUS5leUpwYzNNaU9pSnhkV0Y1SWl3aVlYVmtJam9pY1hWaGVYSmxaMmx6ZEhKNUxYRjFZWGt0Y1hWaGVTMWxiblJsY25CeWFYTmxMVEUxTlRBNUxtRndjSE11Y1hWaGVYUmxjM1F0TVRVMU1Ea3VjV1V1WkdWMlkyeDFjM1JsY2k1dmNHVnVjMmhwWm5RdVkyOXRJaXdpYm1KbUlqb3hOell5TWpRM01qUTFMQ0pwWVhRaU9qRTNOakl5TkRjeU5EVXNJbVY0Y0NJNk1UYzJNakkwTnpnME5Td2ljM1ZpSWpvaWMzUnZjbUZuWlhCeWIzaDVJaXdpWVdOalpYTnpJanBiZXlKMGVYQmxJam9pYzNSdmNtRm5aWEJ5YjNoNUlpd2lkWEpwSWpvaWNYVmhlUzFrWVhSaGMzUnZjbVV0T1dWak9HTTJOR1l0TmpNMFpDMDBObU5tTFdFeU9HUXRPV00wWmpBeU1EQTJZVGcwTDJSaGRHRnpkRzl5WVdkbEwzSmxaMmx6ZEhKNUwzTm9ZVEkxTmk4ell5OHpZekU1WW1GbVpXUXlNak0xTldVeE1XRTJNRGhqTkdJMk1UTmtPRGRrTURaaU9XTmtaRE0zWkRNM09HVTJaVEF4TnpaalltTTRaVGN4TkRSa05XTTJQMEZYVTBGalkyVnpjMHRsZVVsa1BXVTBZbk14VmxKVk5YVjZWbWRpVmpCMmJ6QnRKbE5wWjI1aGRIVnlaVDExWTFGc1lsRnViWEZHWWtSMkpUSkdVRlJVV1ZwMmFIYzJRakpOYXlVelJDWkZlSEJwY21WelBURTNOakl5TkRjNE5EVWlMQ0pvYjNOMElqb2ljek11YjNCbGJuTm9hV1owTFhOMGIzSmhaMlV1YzNaakxtTnNkWE4wWlhJdWJHOWpZV3c2TkRReklpd2ljMk5vWlcxbElqb2lhSFIwY0hNaWZWMHNJbU52Ym5SbGVIUWlPbnQ5ZlEuWW00MDg5SXdYWTBqVjZTTVp5dEdCR2huSUdHVmtyMkYtc0IzLTdObmgzN25YVHVoMnhtdHhvOFE1TktBbXAtS05IaWZuMmFEWUtFb2VleWcxN1FKalJFUmRsWWVRTTg2WWdBbzkwRzVSYkZGNUM0VFFSMDNUOTE1YlVkaDFTQXhuR3lTQjAxSmhfYmk3THZqZmpIWEZWTkZyWUpmNUJ3SkJZZzc5YnZfU3ZuSWFKRW5KN1U3a19EbDkzQUFSbXBUZFNPalBKbVlwYTFKWGNONjdsZk55MmpxeHBndEttSTdYQnR0dFNqc2JVLVdTNjJZOW5HVnUtaDVPX25GN3hkU2l4TDlSMVgxRWFTbEZJUFM4OEJBTU9NMDJNT0xZZFNSbG53Uk8wWjNtTDZIdjFYbnYza2IwS19EWVE1RmN3M1N4MWdKMFhrRDNmcmpUS21laXNWd2Z3/https/s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6?AWSAccessKeyId=e4bs1VRU5uzVgbV0vo0m&Signature=ucQlbQnmqFbDv%2FPTTYZvhw6B2Mk%3D&Expires=1762247845 gunicorn-registry stdout | 2025-11-04 09:07:26,041 [257] [DEBUG] [endpoints.v2.blob] Returning direct download URL gunicorn-registry stdout | 2025-11-04 09:07:26,041 [257] [DEBUG] [app] Ending request: urn:request:ed185666-f255-47d2-914c-a824cd5b5338 (/v2/superorg/repo1/blobs/sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6) {'endpoint': 'v2.download_blob', 'request_id': 'urn:request:ed185666-f255-47d2-914c-a824cd5b5338', 'remote_addr': '10.129.4.13', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/v2/superorg/repo1/blobs/sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'path': '/v2/superorg/repo1/blobs/sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'containers/5.34.3 (github.com/containers/image)'} gunicorn-registry stdout | 2025-11-04 09:07:26,041 [257] [DEBUG] [data.database] Disconnecting from database. gunicorn-registry stdout | 2025-11-04 09:07:26,041 [257] [DEBUG] [peewee.pool] Returning 140180670233024 to pool. gunicorn-registry stdout | 2025-11-04 09:07:26,042 [257] [INFO] [gunicorn.access] 10.129.4.13 - - [04/Nov/2025:09:07:26 +0000] "GET /v2/superorg/repo1/blobs/sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 HTTP/1.1" 302 4183 "-" "containers/5.34.3 (github.com/containers/image)" nginx stdout | 10.129.4.13 (-) - - [04/Nov/2025:09:07:26 +0000] "GET /v2/superorg/repo1/blobs/sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 HTTP/1.1" 302 4183 "-" "containers/5.34.3 (github.com/containers/image)" (0.246 1614 0.246) chunkcleanupworker stdout | 2025-11-04 09:07:26,180 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:07:26,873 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:07:27,064 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:07:27,064 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:30.065093+00:00 (in 3.000742 seconds) repositorygcworker stdout | 2025-11-04 09:07:27,064 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:27 GMT)" (scheduled at 2025-11-04 09:07:27.063966+00:00) repositorygcworker stdout | 2025-11-04 09:07:27,064 [86] [DEBUG] [workers.queueworker] Getting work item from queue. repositorygcworker stdout | 2025-11-04 09:07:27,065 [86] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 27, 64714), True, datetime.datetime(2025, 11, 4, 9, 7, 27, 64714), 0, 'repositorygc/%', 50, 1, 0]) repositorygcworker stdout | 2025-11-04 09:07:27,077 [86] [DEBUG] [workers.queueworker] No more work. repositorygcworker stdout | 2025-11-04 09:07:27,077 [86] [DEBUG] [data.database] Disconnecting from database. repositorygcworker stdout | 2025-11-04 09:07:27,078 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:27 GMT)" executed successfully proxycacheblobworker stdout | 2025-11-04 09:07:27,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:07:27,142 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:34.140529+00:00 (in 6.997606 seconds) proxycacheblobworker stdout | 2025-11-04 09:07:27,143 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:27 GMT)" (scheduled at 2025-11-04 09:07:27.142482+00:00) proxycacheblobworker stdout | 2025-11-04 09:07:27,143 [79] [DEBUG] [workers.queueworker] Running watchdog. proxycacheblobworker stdout | 2025-11-04 09:07:27,143 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:27 GMT)" executed successfully queuecleanupworker stdout | 2025-11-04 09:07:27,371 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:07:27,561 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:07:27,746 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:07:27,746 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:10.743793+00:00 (in 42.997504 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:07:27,746 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:27 GMT)" (scheduled at 2025-11-04 09:07:27.745810+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:07:27,746 [87] [DEBUG] [workers.queueworker] Running watchdog. securityscanningnotificationworker stdout | 2025-11-04 09:07:27,746 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:27 GMT)" executed successfully blobuploadcleanupworker stdout | 2025-11-04 09:07:27,771 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:07:28,340 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:07:28,340 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:16.343350+00:00 (in 48.002498 seconds) exportactionlogsworker stdout | 2025-11-04 09:07:28,341 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:28 GMT)" (scheduled at 2025-11-04 09:07:28.340417+00:00) exportactionlogsworker stdout | 2025-11-04 09:07:28,341 [66] [DEBUG] [workers.queueworker] Getting work item from queue. exportactionlogsworker stdout | 2025-11-04 09:07:28,341 [66] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 28, 341224), True, datetime.datetime(2025, 11, 4, 9, 7, 28, 341224), 0, 'exportactionlogs/%', 50, 1, 0]) exportactionlogsworker stdout | 2025-11-04 09:07:28,355 [66] [DEBUG] [workers.queueworker] No more work. exportactionlogsworker stdout | 2025-11-04 09:07:28,355 [66] [DEBUG] [data.database] Disconnecting from database. exportactionlogsworker stdout | 2025-11-04 09:07:28,355 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:28 GMT)" executed successfully expiredappspecifictokenworker stdout | 2025-11-04 09:07:28,452 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:07:29,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:07:29,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:29.157944+00:00 (in 0.001148 seconds) notificationworker stdout | 2025-11-04 09:07:29,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:39 GMT)" (scheduled at 2025-11-04 09:07:29.156372+00:00) notificationworker stdout | 2025-11-04 09:07:29,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:07:29,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 29, 157176), True, datetime.datetime(2025, 11, 4, 9, 7, 29, 157176), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:07:29,158 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:07:29,158 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:39.156372+00:00 (in 9.998181 seconds) notificationworker stdout | 2025-11-04 09:07:29,158 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:29 GMT)" (scheduled at 2025-11-04 09:07:29.157944+00:00) notificationworker stdout | 2025-11-04 09:07:29,159 [78] [DEBUG] [workers.queueworker] Running watchdog. notificationworker stdout | 2025-11-04 09:07:29,159 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:29 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:07:29,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:07:29,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:07:29,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:39 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:07:29,368 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:07:29,577 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:07:30,065 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:07:30,065 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:51.065407+00:00 (in 20.999838 seconds) repositorygcworker stdout | 2025-11-04 09:07:30,065 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:12:30 GMT)" (scheduled at 2025-11-04 09:07:30.065093+00:00) repositorygcworker stdout | 2025-11-04 09:07:30,066 [86] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [False, datetime.datetime(2025, 11, 4, 9, 7, 30, 65903), 'repositorygc/%']) repositorygcworker stdout | 2025-11-04 09:07:30,077 [86] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 7, 30, 65903), True, datetime.datetime(2025, 11, 4, 9, 7, 30, 65903), 0, 'repositorygc/%']) repositorygcworker stdout | 2025-11-04 09:07:30,081 [86] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) AND NOT ("t1"."queue_name" IN (SELECT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s)))))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 7, 30, 65903), True, datetime.datetime(2025, 11, 4, 9, 7, 30, 65903), 0, 'repositorygc/%', False, datetime.datetime(2025, 11, 4, 9, 7, 30, 65903), 'repositorygc/%']) repositorygcworker stdout | 2025-11-04 09:07:30,086 [86] [DEBUG] [data.database] Disconnecting from database. repositorygcworker stdout | 2025-11-04 09:07:30,086 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:12:30 GMT)" executed successfully repositorygcworker stdout | 2025-11-04 09:07:30,576 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:07:30,665 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:07:31,426 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:07:31,433 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:07:31,437 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:07:31,643 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:07:31,643 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:31.643382+00:00 (in 59.999468 seconds) quotaregistrysizeworker stdout | 2025-11-04 09:07:31,644 [82] [INFO] [apscheduler.executors.default] Running job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:31 GMT)" (scheduled at 2025-11-04 09:07:31.643382+00:00) quotaregistrysizeworker stdout | 2025-11-04 09:07:31,644 [82] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:07:31,655 [82] [DEBUG] [data.database] Disconnecting from database. quotaregistrysizeworker stdout | 2025-11-04 09:07:31,655 [82] [INFO] [apscheduler.executors.default] Job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:31 GMT)" executed successfully gunicorn-registry stdout | 2025-11-04 09:07:33,699 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:33,703 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:33,797 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:33,804 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:33,807 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:33,812 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:33,814 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:33,818 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:07:33,808 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:07:34,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:07:34,140 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:44.140529+00:00 (in 9.999558 seconds) proxycacheblobworker stdout | 2025-11-04 09:07:34,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:44 GMT)" (scheduled at 2025-11-04 09:07:34.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:07:34,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:07:34,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 34, 141343), True, datetime.datetime(2025, 11, 4, 9, 7, 34, 141343), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:07:34,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:07:34,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:07:34,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:44 GMT)" executed successfully gcworker stdout | 2025-11-04 09:07:34,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:07:34,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:55.956600+00:00 (in 21.003776 seconds) gcworker stdout | 2025-11-04 09:07:34,952 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:04 GMT)" (scheduled at 2025-11-04 09:07:34.952363+00:00) gcworker stdout | 2025-11-04 09:07:34,953 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037654953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:07:34,968 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:07:34,968 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:07:34,969 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:04 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:07:37,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:07:37,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:51.254713+00:00 (in 14.001812 seconds) securityworker stdout | 2025-11-04 09:07:37,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:07 GMT)" (scheduled at 2025-11-04 09:07:37.252445+00:00) securityworker stdout | 2025-11-04 09:07:37,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:07:37,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:07:37,255 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:07:37,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:07:37,268 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stdout | 2025-11-04 09:07:37,269 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:07 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:07:37,447 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:07:37,447 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:07.444700+00:00 (in 29.997351 seconds) namespacegcworker stdout | 2025-11-04 09:07:37,447 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:37 GMT)" (scheduled at 2025-11-04 09:07:37.446883+00:00) namespacegcworker stdout | 2025-11-04 09:07:37,447 [76] [DEBUG] [workers.queueworker] Running watchdog. namespacegcworker stdout | 2025-11-04 09:07:37,447 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:37 GMT)" executed successfully securityworker stdout | 2025-11-04 09:07:37,676 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:07:37,868 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:07:39,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:07:39,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:49.156372+00:00 (in 9.999588 seconds) notificationworker stdout | 2025-11-04 09:07:39,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:49 GMT)" (scheduled at 2025-11-04 09:07:39.156372+00:00) notificationworker stdout | 2025-11-04 09:07:39,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:07:39,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 39, 157170), True, datetime.datetime(2025, 11, 4, 9, 7, 39, 157170), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:07:39,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:07:39,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:07:39,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:49 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:07:39,516 [246] [DEBUG] [app] Starting request: urn:request:8bd54fa5-3ff3-401d-adab-9301cdbe795b (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:07:39,520 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:07:39,522 [264] [DEBUG] [app] Starting request: urn:request:9d0d5a71-ff7a-4542-b43a-fb4400797a16 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:07:39,522 [264] [DEBUG] [app] Ending request: urn:request:9d0d5a71-ff7a-4542-b43a-fb4400797a16 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:9d0d5a71-ff7a-4542-b43a-fb4400797a16', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:07:39,523 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:07:39,523 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:39,524 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:07:39,526 [249] [DEBUG] [app] Starting request: urn:request:56521fee-b040-44f6-9869-b02e549ad2c6 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:07:39,526 [249] [DEBUG] [app] Ending request: urn:request:56521fee-b040-44f6-9869-b02e549ad2c6 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:56521fee-b040-44f6-9869-b02e549ad2c6', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:07:39,526 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:39,527 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:07:39,527 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:07:39,527 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:07:39,527 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:07:39,534 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:07:39,535 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:07:39,544 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:07:39,548 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:07:39,551 [246] [DEBUG] [app] Ending request: urn:request:8bd54fa5-3ff3-401d-adab-9301cdbe795b (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:8bd54fa5-3ff3-401d-adab-9301cdbe795b', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:07:39,551 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:07:39,552 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:07:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:07:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.037 118 0.037) gunicorn-web stdout | 2025-11-04 09:07:39,587 [246] [DEBUG] [app] Starting request: urn:request:1645bfe1-f381-4a45-bc95-08d682f5c4bd (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:07:39,589 [257] [DEBUG] [app] Starting request: urn:request:9e32a599-9c53-4814-b41a-51d8a43973b7 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:07:39,590 [257] [DEBUG] [app] Ending request: urn:request:9e32a599-9c53-4814-b41a-51d8a43973b7 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:9e32a599-9c53-4814-b41a-51d8a43973b7', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:07:39,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:07:39,590 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:39,592 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:07:39,593 [246] [DEBUG] [app] Starting request: urn:request:92d5e18a-61d4-402e-a42f-ad89be05f322 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:07:39,594 [246] [DEBUG] [app] Ending request: urn:request:92d5e18a-61d4-402e-a42f-ad89be05f322 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:92d5e18a-61d4-402e-a42f-ad89be05f322', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:07:39,594 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:39,594 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:39,595 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:07:39,595 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:07:39,595 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:07:39,603 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:07:39,603 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:07:39,614 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:07:39,617 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:07:39,621 [246] [DEBUG] [app] Ending request: urn:request:1645bfe1-f381-4a45-bc95-08d682f5c4bd (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:1645bfe1-f381-4a45-bc95-08d682f5c4bd', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:07:39,622 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:07:39,622 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:07:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:07:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.035 118 0.036) autopruneworker stdout | 2025-11-04 09:07:40,991 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:07:42,184 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:07:42,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:07:42,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:12.952336+00:00 (in 29.999559 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:07:42,952 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:12 GMT)" (scheduled at 2025-11-04 09:07:42.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:07:42,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:07:42,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:07:42,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:12 GMT)" executed successfully gcworker stdout | 2025-11-04 09:07:43,497 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:07:44,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:07:44,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:54.140529+00:00 (in 9.999479 seconds) proxycacheblobworker stdout | 2025-11-04 09:07:44,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:54 GMT)" (scheduled at 2025-11-04 09:07:44.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:07:44,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:07:44,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 44, 141513), True, datetime.datetime(2025, 11, 4, 9, 7, 44, 141513), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:07:44,156 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:07:44,157 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:07:44,157 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:54 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:07:46,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:07:46,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:16.130127+00:00 (in 29.999517 seconds) autopruneworker stdout | 2025-11-04 09:07:46,130 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:16 GMT)" (scheduled at 2025-11-04 09:07:46.130127+00:00) autopruneworker stdout | 2025-11-04 09:07:46,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243666138, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:07:46,143 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:07:46,143 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:07:46,143 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:16 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:07:46,182 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:07:46,445 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:07:46,447 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:07:46,465 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:07:46,491 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:07:46,503 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:07:48,766 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:07:49,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:07:49,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:07:59.156372+00:00 (in 9.999469 seconds) notificationworker stdout | 2025-11-04 09:07:49,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:59 GMT)" (scheduled at 2025-11-04 09:07:49.156372+00:00) notificationworker stdout | 2025-11-04 09:07:49,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:07:49,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 49, 157294), True, datetime.datetime(2025, 11, 4, 9, 7, 49, 157294), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:07:49,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:07:49,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:07:49,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:07:59 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:07:49,637 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:07:49,637 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:19.635986+00:00 (in 29.998642 seconds) buildlogsarchiver stdout | 2025-11-04 09:07:49,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:19 GMT)" (scheduled at 2025-11-04 09:07:49.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:07:49,638 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 7, 49, 637617), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:07:49,650 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:07:49,650 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:07:49,650 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:19 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:07:50,978 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:07:51,065 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:07:51,065 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:27.063966+00:00 (in 35.998078 seconds) repositorygcworker stdout | 2025-11-04 09:07:51,066 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:51 GMT)" (scheduled at 2025-11-04 09:07:51.065407+00:00) repositorygcworker stdout | 2025-11-04 09:07:51,066 [86] [DEBUG] [workers.queueworker] Running watchdog. repositorygcworker stdout | 2025-11-04 09:07:51,066 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:08:51 GMT)" executed successfully securityworker stdout | 2025-11-04 09:07:51,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:07:51,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:07.252445+00:00 (in 15.997286 seconds) securityworker stdout | 2025-11-04 09:07:51,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:21 GMT)" (scheduled at 2025-11-04 09:07:51.254713+00:00) securityworker stdout | 2025-11-04 09:07:51,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:07:51,256 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:07:51,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:07:51,262 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:51,274 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:51,274 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:51,274 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:51,274 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:07:51,275 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:51,279 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:51,279 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:07:51,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:07:51,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:07:51,279 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:51,279 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:07:51,279 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:51,279 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:51,279 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:51,280 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:51,280 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:07:51,281 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 2, 51, 262561), 1, 49]) securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:07:51,284 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:07:51,285 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 2, 51, 262561), 1, 49]) securityworker stdout | 2025-11-04 09:07:51,289 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:07:51,290 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:07:51,290 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:07:51,290 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:07:51,290 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:07:51,290 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:07:51,290 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:51,290 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:07:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:07:51,290 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:21 GMT)" executed successfully servicekey stdout | 2025-11-04 09:07:51,685 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:07:51,890 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:07:51,978 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:07:52,384 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:07:54,074 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:07:54,141 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:07:54,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:04.140529+00:00 (in 9.999122 seconds) proxycacheblobworker stdout | 2025-11-04 09:07:54,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:04 GMT)" (scheduled at 2025-11-04 09:07:54.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:07:54,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:07:54,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 54, 141725), True, datetime.datetime(2025, 11, 4, 9, 7, 54, 141725), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:07:54,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:07:54,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:07:54,156 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:04 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:07:54,517 [246] [DEBUG] [app] Starting request: urn:request:d6d4735e-106c-480a-82af-34e1108d191e (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:07:54,518 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:07:54,520 [264] [DEBUG] [app] Starting request: urn:request:c1780f18-409a-4063-822f-96688993dc66 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:07:54,522 [264] [DEBUG] [app] Ending request: urn:request:c1780f18-409a-4063-822f-96688993dc66 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:c1780f18-409a-4063-822f-96688993dc66', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:07:54,522 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:07:54,522 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:54,524 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:07:54,526 [248] [DEBUG] [app] Starting request: urn:request:01684eef-9cbc-4247-b9dc-61ff1827725a (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:07:54,526 [248] [DEBUG] [app] Ending request: urn:request:01684eef-9cbc-4247-b9dc-61ff1827725a (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:01684eef-9cbc-4247-b9dc-61ff1827725a', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:07:54,526 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:54,526 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:54,527 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:07:54,527 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:07:54,527 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:07:54,534 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:07:54,534 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:07:54,544 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:07:54,548 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:07:54,551 [246] [DEBUG] [app] Ending request: urn:request:d6d4735e-106c-480a-82af-34e1108d191e (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:d6d4735e-106c-480a-82af-34e1108d191e', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:07:54,552 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:07:54,552 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:07:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:07:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.036 118 0.036) gunicorn-web stdout | 2025-11-04 09:07:54,587 [246] [DEBUG] [app] Starting request: urn:request:66d8dc65-be83-49b5-abfe-7519b4406794 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:07:54,589 [264] [DEBUG] [app] Starting request: urn:request:b0943e62-946e-4e29-be90-8dbcf4c4e804 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:07:54,589 [264] [DEBUG] [app] Ending request: urn:request:b0943e62-946e-4e29-be90-8dbcf4c4e804 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:b0943e62-946e-4e29-be90-8dbcf4c4e804', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-registry stdout | 2025-11-04 09:07:54,589 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:54,590 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:54,591 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:07:54,593 [248] [DEBUG] [app] Starting request: urn:request:5efa77ce-3f05-49c5-bde9-7830c061ca24 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:07:54,593 [248] [DEBUG] [app] Ending request: urn:request:5efa77ce-3f05-49c5-bde9-7830c061ca24 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:5efa77ce-3f05-49c5-bde9-7830c061ca24', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:07:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:07:54,593 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:07:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:07:54,593 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:07:54,594 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:07:54,594 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:07:54,594 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:07:54,601 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:07:54,601 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:07:54,612 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:07:54,615 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:07:54,618 [246] [DEBUG] [app] Ending request: urn:request:66d8dc65-be83-49b5-abfe-7519b4406794 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:66d8dc65-be83-49b5-abfe-7519b4406794', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:07:54,619 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:07:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.033 118 0.033) gunicorn-web stdout | 2025-11-04 09:07:54,619 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:07:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" globalpromstats stdout | 2025-11-04 09:07:55,668 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:07:55,883 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:07:55,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:07:55,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:04.952363+00:00 (in 8.995347 seconds) gcworker stdout | 2025-11-04 09:07:55,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:25 GMT)" (scheduled at 2025-11-04 09:07:55.956600+00:00) gcworker stdout | 2025-11-04 09:07:55,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:07:55,969 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762246975968, None, 1, 0]) gcworker stdout | 2025-11-04 09:07:55,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:07:55,973 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:25 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:07:56,193 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:07:56,894 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: queuecleanupworker stdout | 2025-11-04 09:07:57,385 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:07:57,584 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:07:57,785 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: expiredappspecifictokenworker stdout | 2025-11-04 09:07:58,466 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:07:59,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:07:59,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:09.156372+00:00 (in 9.999544 seconds) notificationworker stdout | 2025-11-04 09:07:59,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:09 GMT)" (scheduled at 2025-11-04 09:07:59.156372+00:00) notificationworker stdout | 2025-11-04 09:07:59,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:07:59,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 7, 59, 157199), True, datetime.datetime(2025, 11, 4, 9, 7, 59, 157199), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:07:59,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:07:59,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:07:59,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:09 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:07:59,381 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:07:59,591 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:08:00,590 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:08:00,685 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:08:01,447 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:08:01,447 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:08:01,451 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:02,140 [249] [DEBUG] [app] Starting request: urn:request:6829f58e-114b-462b-b54d-172da7848f03 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:02,140 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,140 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,140 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:02,142 [248] [DEBUG] [app] Starting request: urn:request:7db61333-708c-42ce-a58f-ab69131517f5 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:02,142 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,142 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,143 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:02,153 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:02,153 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:02,153 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,153 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,153 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:02,153 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:02,153 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:02,153 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:02,154 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:02,155 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:02,155 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:02,155 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,155 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,155 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:02,155 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:02,155 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:02,156 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:02,156 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:02,158 [249] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'quayorg', 1, 3, 1, 'quayorg', 101]) gunicorn-web stdout | 2025-11-04 09:08:02,160 [248] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'superorg', 1, 3, 1, 'superorg', 101]) gunicorn-web stdout | 2025-11-04 09:08:02,165 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s, %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [1, 10, None, 1762247282164, False]) gunicorn-web stdout | 2025-11-04 09:08:02,165 [248] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [9, None, 1762247282165, False]) gunicorn-web stdout | 2025-11-04 09:08:02,169 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:02,170 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:02,173 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s, %s))', [1, 10]) gunicorn-web stdout | 2025-11-04 09:08:02,174 [248] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [9]) gunicorn-web stdout | 2025-11-04 09:08:02,177 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:02,177 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:02,180 [249] [DEBUG] [app] Ending request: urn:request:6829f58e-114b-462b-b54d-172da7848f03 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:6829f58e-114b-462b-b54d-172da7848f03', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=quayorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'quayorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:02,180 [248] [DEBUG] [app] Ending request: urn:request:7db61333-708c-42ce-a58f-ab69131517f5 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:7db61333-708c-42ce-a58f-ab69131517f5', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=superorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'superorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:02,181 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:02,181 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:02,181 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:02 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.0" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:02,181 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:02 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.0" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:02 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.1" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.043 1740 0.043) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:02 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.1" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.040 1741 0.041) gunicorn-web stdout | 2025-11-04 09:08:02,415 [247] [DEBUG] [app] Starting request: urn:request:6c6d3e8f-c1e9-40c2-82cf-1e35553039f4 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:02,415 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,416 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,416 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:02,429 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:02,429 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:02,429 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,430 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:02,430 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:02,430 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:02,430 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:02,430 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:02,431 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:02,434 [247] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'quay', 1, 3, 1, 'quay', 101]) gunicorn-web stdout | 2025-11-04 09:08:02,441 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:02,445 [247] [DEBUG] [app] Ending request: urn:request:6c6d3e8f-c1e9-40c2-82cf-1e35553039f4 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:6c6d3e8f-c1e9-40c2-82cf-1e35553039f4', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=quay&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'quay', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:02,445 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:02,446 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:02 +0000] "GET /api/v1/repository?last_modified=true&namespace=quay&public=true HTTP/1.0" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:02 +0000] "GET /api/v1/repository?last_modified=true&namespace=quay&public=true HTTP/1.1" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.032 1737 0.032) gunicorn-registry stdout | 2025-11-04 09:08:03,715 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:03,719 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:03,816 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:03,826 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:03,828 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:03,835 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:03,837 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:03,841 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:03,842 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:08:04,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:08:04,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:08.142131+00:00 (in 4.001126 seconds) proxycacheblobworker stdout | 2025-11-04 09:08:04,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:14 GMT)" (scheduled at 2025-11-04 09:08:04.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:08:04,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:08:04,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 4, 141388), True, datetime.datetime(2025, 11, 4, 9, 8, 4, 141388), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:08:04,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:08:04,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:08:04,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:14 GMT)" executed successfully gcworker stdout | 2025-11-04 09:08:04,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:08:04,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:25.956600+00:00 (in 21.003695 seconds) gcworker stdout | 2025-11-04 09:08:04,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:34 GMT)" (scheduled at 2025-11-04 09:08:04.952363+00:00) gcworker stdout | 2025-11-04 09:08:04,953 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037684953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:08:04,967 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:08:04,967 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:08:04,968 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:34 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:06,310 [249] [DEBUG] [app] Starting request: urn:request:471fab4b-32cd-4876-bbf2-de091ae6dcfd (/api/v1/repository/superorg/repo1) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:06,310 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,310 [246] [DEBUG] [app] Starting request: urn:request:305fc546-90bc-4344-b29d-b841b53f39ed (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:06,310 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,310 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,310 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,311 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:06,311 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:06,327 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:06,327 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:06,327 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,327 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:06,328 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:06,328 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,328 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:06,328 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,328 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,328 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,328 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,328 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:06,330 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:06,333 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,333 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,333 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,333 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,336 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,338 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:06,337 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:06,343 [249] [DEBUG] [endpoints.api.repository] Get repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:06,343 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,343 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,343 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,344 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,344 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,344 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:06,344 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:06,344 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:06,344 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:06,347 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:06,348 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."repository_id", "t1"."created" FROM "star" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."user_id" = %s)) LIMIT %s OFFSET %s', [9, 1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:06,351 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:06,352 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."count", "t1"."date" FROM "repositoryactioncount" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."date" >= %s))', [9, datetime.date(2025, 8, 4)]) gunicorn-web stdout | 2025-11-04 09:08:06,353 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,353 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,353 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,354 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,354 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:06,355 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,355 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:06,357 [249] [DEBUG] [app] Ending request: urn:request:471fab4b-32cd-4876-bbf2-de091ae6dcfd (/api/v1/repository/superorg/repo1) {'endpoint': 'api.repository', 'request_id': 'urn:request:471fab4b-32cd-4876-bbf2-de091ae6dcfd', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1?includeStats=true&includeTags=false', 'path': '/api/v1/repository/superorg/repo1', 'parameters': {'includeStats': 'true', 'includeTags': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:06,357 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:06,357 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:06,358 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:06 +0000] "GET /api/v1/repository/superorg/repo1?includeStats=true&includeTags=false HTTP/1.0" 200 3588 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:06 +0000] "GET /api/v1/repository/superorg/repo1?includeStats=true&includeTags=false HTTP/1.1" 200 3588 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1757 0.052) gunicorn-web stdout | 2025-11-04 09:08:06,361 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:06,364 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:06,367 [246] [DEBUG] [app] Ending request: urn:request:305fc546-90bc-4344-b29d-b841b53f39ed (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:305fc546-90bc-4344-b29d-b841b53f39ed', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:06,368 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:06 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.060 1717 0.060) gunicorn-web stdout | 2025-11-04 09:08:06,369 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:06 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" securityworker stdout | 2025-11-04 09:08:07,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:08:07,253 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:21.254713+00:00 (in 14.001718 seconds) securityworker stdout | 2025-11-04 09:08:07,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:37 GMT)" (scheduled at 2025-11-04 09:08:07.252445+00:00) securityworker stdout | 2025-11-04 09:08:07,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:08:07,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:08:07,255 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:08:07,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:08:07,269 [93] [DEBUG] [peewee] ('SELECT Min("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,272 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,272 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:07,272 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:07,272 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:08:07,273 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 2, 12]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:08:07,277 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:08:07,277 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stdout | 2025-11-04 09:08:07,277 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stdout | 2025-11-04 09:08:07,277 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:08:07,277 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,277 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:08:07,277 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stdout | 2025-11-04 09:08:07,277 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-49 securityworker stdout | 2025-11-04 09:08:07,278 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:08:07,278 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 26, 36]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 26-36 by worker securityworker stdout | 2025-11-04 09:08:07,281 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 26-36 by worker securityworker stdout | 2025-11-04 09:08:07,281 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 26-36 securityworker stdout | 2025-11-04 09:08:07,281 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 26-36 securityworker stdout | 2025-11-04 09:08:07,281 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:08:07,281 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,281 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stdout | 2025-11-04 09:08:07,281 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stdout | 2025-11-04 09:08:07,282 [93] [DEBUG] [util.migrate.allocator] Right range 26-36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 26-36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 26-36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 26-36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-26 securityworker stdout | 2025-11-04 09:08:07,282 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-26 securityworker stdout | 2025-11-04 09:08:07,282 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 16 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 16 securityworker stdout | 2025-11-04 09:08:07,282 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 12, 22]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:08:07,285 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:08:07,285 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stdout | 2025-11-04 09:08:07,285 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stdout | 2025-11-04 09:08:07,285 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stdout | 2025-11-04 09:08:07,285 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,285 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-22 securityworker stdout | 2025-11-04 09:08:07,285 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-22 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,285 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,285 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stdout | 2025-11-04 09:08:07,286 [93] [DEBUG] [util.migrate.allocator] Right range 2-22 securityworker stdout | 2025-11-04 09:08:07,286 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:08:07,286 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 2-22 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:08:07,287 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 11]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-22 securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 22 securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Total range: 22-49 securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-22 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 22 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 22-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Left range 26-36 securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Left range 26-36 securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 36-49 securityworker stdout | 2025-11-04 09:08:07,290 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 36-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:08:07,291 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 37, 47]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 37-47 by worker securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 37-47 by worker securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 37-47 securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 37-47 securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [util.migrate.allocator] Total range: 22-49 securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [util.migrate.allocator] Right range 26-36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 37-47 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 37-47 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 22-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 26-36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 22-26 securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 22-26 securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 22 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 22 securityworker stdout | 2025-11-04 09:08:07,294 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 22, 32]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stdout | 2025-11-04 09:08:07,297 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 22-32 by worker securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Merging with block 26-36 securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 36 securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Total range: 36-49 securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Left range 37-47 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 22-32 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 26-36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 36-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Left range 37-47 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 47-49 securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 47-49 securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 47 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 47 securityworker stdout | 2025-11-04 09:08:07,298 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 47, 49]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 47-49 by worker securityworker stdout | 2025-11-04 09:08:07,301 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 47-49 by worker securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 47-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 47-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 37-47 securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 37-47 securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Already merged with block 37-47 securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 37 securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 37-47 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 37 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Total range: 36-37 securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 36-37 securityworker stdout | 2025-11-04 09:08:07,302 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 36-37 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 36-37 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 36 securityworker stdout | 2025-11-04 09:08:07,303 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 36, 46]) securityworker stdout | 2025-11-04 09:08:07,306 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stdout | 2025-11-04 09:08:07,306 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stdout | 2025-11-04 09:08:07,306 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 36 securityworker stdout | 2025-11-04 09:08:07,306 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 46 securityworker stdout | 2025-11-04 09:08:07,306 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:07,306 [93] [DEBUG] [util.migrate.allocator] Total range: 46-36 securityworker stdout | 2025-11-04 09:08:07,306 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:07,306 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,307 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 46 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 46-36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:07,307 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:07,307 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:08:07,307 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 20, 30]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 20-30 by worker securityworker stdout | 2025-11-04 09:08:07,310 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 20-30 by worker securityworker stdout | 2025-11-04 09:08:07,310 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 20-30 securityworker stdout | 2025-11-04 09:08:07,310 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 20-30 securityworker stdout | 2025-11-04 09:08:07,310 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:08:07,310 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,310 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:08:07,311 [93] [DEBUG] [util.migrate.allocator] Right range 20-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 20-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 20-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 20-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-20 securityworker stdout | 2025-11-04 09:08:07,311 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-20 securityworker stdout | 2025-11-04 09:08:07,311 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 10 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 10 securityworker stdout | 2025-11-04 09:08:07,311 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 7, 17]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 7-17 by worker securityworker stdout | 2025-11-04 09:08:07,314 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 7-17 by worker securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 7-17 securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 7-17 securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [util.migrate.allocator] Left range 7-17 securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [util.migrate.allocator] Right range 20-30 securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 17-20 securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 17 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 7-17 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 7-17 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Left range 7-17 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 20-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 17-20 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 17 securityworker stdout | 2025-11-04 09:08:07,315 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 17, 27]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 17-27 by worker securityworker stdout | 2025-11-04 09:08:07,319 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 17-27 by worker securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 17-27 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 7-17 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Already merged with block 7-17 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Merging with block 20-30 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 7-30 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 17-27 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 7-17 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 7-17 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 20-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 7-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Left range 7-30 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 30-49 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Left range 7-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 30-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:08:07,320 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 36, 46]) securityworker stdout | 2025-11-04 09:08:07,324 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stdout | 2025-11-04 09:08:07,324 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stdout | 2025-11-04 09:08:07,324 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 36-46 securityworker stdout | 2025-11-04 09:08:07,324 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:08:07,324 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,324 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stdout | 2025-11-04 09:08:07,324 [93] [DEBUG] [util.migrate.allocator] Right range 7-30 securityworker stdout | 2025-11-04 09:08:07,324 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-7 securityworker stdout | 2025-11-04 09:08:07,324 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 36-46 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 3 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 7-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-7 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:08:07,325 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 1, 11]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Merging with block 7-30 securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 30 securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Total range: 30-49 securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 7-30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 30-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 36-46 securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Right range 36-46 securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 30-36 securityworker stdout | 2025-11-04 09:08:07,328 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 30 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 30-36 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 30 securityworker stdout | 2025-11-04 09:08:07,329 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 30, 40]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 30-40 by worker securityworker stdout | 2025-11-04 09:08:07,332 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 30-40 by worker securityworker stdout | 2025-11-04 09:08:07,332 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 30-40 securityworker stdout | 2025-11-04 09:08:07,332 [93] [DEBUG] [util.migrate.allocator] Merging with block 36-46 securityworker stdout | 2025-11-04 09:08:07,332 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 46 securityworker stdout | 2025-11-04 09:08:07,332 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,332 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:07,332 [93] [DEBUG] [util.migrate.allocator] Total range: 46-49 securityworker stdout | 2025-11-04 09:08:07,332 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 30-40 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 36-46 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 46 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 46-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 46-49 securityworker stdout | 2025-11-04 09:08:07,332 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 46-49 securityworker stdout | 2025-11-04 09:08:07,333 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 46 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 46 securityworker stdout | 2025-11-04 09:08:07,333 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 46, 49]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 46-49 by worker securityworker stdout | 2025-11-04 09:08:07,336 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 46-49 by worker securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 46-49 securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 46 securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] Total range: 49-46 securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 46-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 46 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 49-46 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:08:07,337 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 14, 24]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:08:07,341 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 14-24 by worker securityworker stdout | 2025-11-04 09:08:07,342 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stdout | 2025-11-04 09:08:07,342 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 14-24 securityworker stdout | 2025-11-04 09:08:07,342 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:08:07,342 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 14-24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 14-24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:08:07,342 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:08:07,342 [93] [DEBUG] [util.migrate.allocator] Right range 14-24 securityworker stdout | 2025-11-04 09:08:07,342 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-14 securityworker stdout | 2025-11-04 09:08:07,342 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 4 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 14-24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-14 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 4 securityworker stdout | 2025-11-04 09:08:07,343 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 2, 12]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:08:07,346 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:08:07,346 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stdout | 2025-11-04 09:08:07,346 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stdout | 2025-11-04 09:08:07,346 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:08:07,346 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,347 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:08:07,347 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 14-24 securityworker stdout | 2025-11-04 09:08:07,347 [93] [DEBUG] [util.migrate.allocator] Right range 14-24 securityworker stdout | 2025-11-04 09:08:07,347 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-14 securityworker stdout | 2025-11-04 09:08:07,347 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-14 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stdout | 2025-11-04 09:08:07,347 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 12, 22]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:08:07,350 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:08:07,350 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stdout | 2025-11-04 09:08:07,350 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Merging with block 14-24 securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-24 securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 14-24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Right range 2-24 securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:08:07,351 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Right range 2-24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:08:07,352 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 1, 11]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:08:07,355 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:08:07,355 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:08:07,355 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-24 securityworker stdout | 2025-11-04 09:08:07,355 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 24 securityworker stdout | 2025-11-04 09:08:07,355 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,355 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:07,355 [93] [DEBUG] [util.migrate.allocator] Total range: 24-49 securityworker stdout | 2025-11-04 09:08:07,356 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 2-24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 24-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 24-49 securityworker stdout | 2025-11-04 09:08:07,356 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 24-49 securityworker stdout | 2025-11-04 09:08:07,356 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:08:07,356 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 32, 42]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:08:07,360 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 32-42 by worker securityworker stdout | 2025-11-04 09:08:07,360 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stdout | 2025-11-04 09:08:07,360 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 32-42 securityworker stdout | 2025-11-04 09:08:07,360 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:08:07,360 [93] [DEBUG] [util.migrate.allocator] Total range: 24-49 securityworker stdout | 2025-11-04 09:08:07,360 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:08:07,360 [93] [DEBUG] [util.migrate.allocator] Left range 32-42 securityworker stdout | 2025-11-04 09:08:07,360 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 42-49 securityworker stdout | 2025-11-04 09:08:07,360 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 42 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 32-42 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 32-42 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 24-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Left range 32-42 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 42-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 42 securityworker stdout | 2025-11-04 09:08:07,361 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 42, 49]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 42-49 by worker securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 42-49 by worker securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 42-49 securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 32-42 securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Already merged with block 32-42 securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 32 securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Total range: 24-32 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 42-49 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 32-42 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 32-42 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 32 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 24-32 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 24-32 securityworker stdout | 2025-11-04 09:08:07,364 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 24-32 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 24 securityworker stdout | 2025-11-04 09:08:07,365 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 3, 7, 256952), 24, 34]) securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 24-34 by worker securityworker stdout | 2025-11-04 09:08:07,369 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 24-34 by worker securityworker stdout | 2025-11-04 09:08:07,369 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 24-34 securityworker stdout | 2025-11-04 09:08:07,369 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 24 securityworker stdout | 2025-11-04 09:08:07,369 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 34 securityworker stdout | 2025-11-04 09:08:07,369 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:07,369 [93] [DEBUG] [util.migrate.allocator] Total range: 34-24 securityworker stdout | 2025-11-04 09:08:07,369 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:07,369 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 24-34 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 34 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] Total range: 34-24 securityworker stderr | 2025-11-04 09:08:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:07,369 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:37 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:08:07,444 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:08:07,445 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:37.446883+00:00 (in 30.001721 seconds) namespacegcworker stdout | 2025-11-04 09:08:07,445 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:07 GMT)" (scheduled at 2025-11-04 09:08:07.444700+00:00) namespacegcworker stdout | 2025-11-04 09:08:07,445 [76] [DEBUG] [workers.queueworker] Getting work item from queue. namespacegcworker stdout | 2025-11-04 09:08:07,446 [76] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 7, 445503), True, datetime.datetime(2025, 11, 4, 9, 8, 7, 445503), 0, 'namespacegc/%', 50, 1, 0]) namespacegcworker stdout | 2025-11-04 09:08:07,458 [76] [DEBUG] [workers.queueworker] No more work. namespacegcworker stdout | 2025-11-04 09:08:07,458 [76] [DEBUG] [data.database] Disconnecting from database. namespacegcworker stdout | 2025-11-04 09:08:07,459 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:07 GMT)" executed successfully securityworker stdout | 2025-11-04 09:08:07,688 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:07,776 [249] [DEBUG] [app] Starting request: urn:request:6adc8132-3eca-4ac0-9dfd-7e7ca7c205c2 (/api/v1/repository/superorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:07,776 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:07,776 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:07,777 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:07,789 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:07,789 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:07,789 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:07,789 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:07,789 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:07,789 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:07,789 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:07,789 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:07,791 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:07,797 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:07,798 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:07,803 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:07,808 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:07,812 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:07,815 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:07,819 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE ((("t1"."repository_id" = %s) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [9, None, 1762247287819, False, 101, 0]) gunicorn-web stdout | 2025-11-04 09:08:07,824 [249] [DEBUG] [app] Ending request: urn:request:6adc8132-3eca-4ac0-9dfd-7e7ca7c205c2 (/api/v1/repository/superorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:6adc8132-3eca-4ac0-9dfd-7e7ca7c205c2', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true', 'path': '/api/v1/repository/superorg/repo1/tag/', 'parameters': {'limit': '100', 'page': '1', 'onlyActiveTags': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:07,825 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:07 +0000] "GET /api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.1" 200 295 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.051 1772 0.051) gunicorn-web stdout | 2025-11-04 09:08:07,825 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:07 +0000] "GET /api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.0" 200 295 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" notificationworker stdout | 2025-11-04 09:08:07,880 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:08:08,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:08:08,142 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:14.140529+00:00 (in 5.997872 seconds) proxycacheblobworker stdout | 2025-11-04 09:08:08,142 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:13:08 GMT)" (scheduled at 2025-11-04 09:08:08.142131+00:00) proxycacheblobworker stdout | 2025-11-04 09:08:08,143 [79] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [False, datetime.datetime(2025, 11, 4, 9, 8, 8, 142976), 'proxycacheblob/%']) proxycacheblobworker stdout | 2025-11-04 09:08:08,155 [79] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 8, 8, 142976), True, datetime.datetime(2025, 11, 4, 9, 8, 8, 142976), 0, 'proxycacheblob/%']) proxycacheblobworker stdout | 2025-11-04 09:08:08,159 [79] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) AND NOT ("t1"."queue_name" IN (SELECT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s)))))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 8, 8, 142976), True, datetime.datetime(2025, 11, 4, 9, 8, 8, 142976), 0, 'proxycacheblob/%', False, datetime.datetime(2025, 11, 4, 9, 8, 8, 142976), 'proxycacheblob/%']) proxycacheblobworker stdout | 2025-11-04 09:08:08,162 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:08:08,163 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:13:08 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:08,165 [248] [DEBUG] [app] Starting request: urn:request:6a573ba6-a624-419f-967b-fe9f09db0e93 (/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:08,165 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,165 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,166 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,176 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:08,177 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:08,177 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,177 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:08,177 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,177 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,177 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,177 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,178 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,183 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,184 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,190 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,194 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,197 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,200 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,204 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', None, 1762247288203, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,208 [248] [DEBUG] [app] Ending request: urn:request:6a573ba6-a624-419f-967b-fe9f09db0e93 (/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:6a573ba6-a624-419f-967b-fe9f09db0e93', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', 'parameters': {'include_modelcard': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:08,209 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:08,209 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:08 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true HTTP/1.0" 200 2735 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:08 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true HTTP/1.1" 200 2735 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.046 1819 0.046) gunicorn-web stdout | 2025-11-04 09:08:08,566 [248] [DEBUG] [app] Starting request: urn:request:5fe380d0-4278-41ad-acfc-014470756596 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:08,566 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,566 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,567 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,567 [249] [DEBUG] [app] Starting request: urn:request:0f358018-7aff-4fa2-936f-9d35690bbc4f (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:08,568 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,568 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,568 [246] [DEBUG] [app] Starting request: urn:request:106610b9-2910-472c-8e5c-203b4914ae72 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:08,568 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,568 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,569 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,569 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,579 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:08,580 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:08,580 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,580 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:08,580 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,580 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,581 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,581 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,581 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:08,582 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:08,582 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,582 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:08,582 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,582 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,582 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,582 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,582 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:08,582 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,582 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:08,583 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,583 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:08,583 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,583 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,583 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,583 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,584 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,585 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,588 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,589 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,589 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,590 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,591 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,591 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,596 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,597 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,598 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,601 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,602 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,604 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,604 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,606 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,607 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,608 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,609 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,611 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,611 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,612 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,615 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', None, 1762247288614, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,615 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [31, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,616 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [32, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,618 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 gunicorn-web stdout | 2025-11-04 09:08:08,618 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52: {'manifest_hash': 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:08,619 [248] [DEBUG] [app] Ending request: urn:request:5fe380d0-4278-41ad-acfc-014470756596 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:5fe380d0-4278-41ad-acfc-014470756596', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:08,619 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d gunicorn-web stdout | 2025-11-04 09:08:08,619 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d: {'manifest_hash': 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:08,619 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:08 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.056 1826 0.056) gunicorn-web stdout | 2025-11-04 09:08:08,620 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:08 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:08,620 [249] [DEBUG] [app] Ending request: urn:request:0f358018-7aff-4fa2-936f-9d35690bbc4f (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:0f358018-7aff-4fa2-936f-9d35690bbc4f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:08,620 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', None, 1762247288619, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,621 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:08,621 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:08 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:08 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1826 0.055) gunicorn-web stdout | 2025-11-04 09:08:08,624 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [31, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,629 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,634 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['a6a852be-a247-44ea-b069-5dde2d0c82f9']) gunicorn-web stdout | 2025-11-04 09:08:08,638 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8'} gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:08,640 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:08,641 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:08,641 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,641 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,641 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,641 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:08,641 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:08,641 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:08,641 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,641 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,642 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:08,642 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090808Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:08,642 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090808Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | a4708f3d19d916f6eb7e5a30f16164a0b79cfb3b4edbaccb893e658c7021828f gunicorn-web stdout | 2025-11-04 09:08:08,642 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | bd9a31fb25a5b75fb2e9798cf604809b55e1033de319db5c3672dcbce8b0b823 gunicorn-web stdout | 2025-11-04 09:08:08,642 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,642 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:08,642 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:08,642 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090808Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=bd9a31fb25a5b75fb2e9798cf604809b55e1033de319db5c3672dcbce8b0b823', 'amz-sdk-invocation-id': b'd63c3467-d417-43ef-ae3b-f2d8f292fd37', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:08,642 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:08,643 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:08,720 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8 HTTP/1.1" 200 1457 gunicorn-web stdout | 2025-11-04 09:08:08,721 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjaek-e529qm-t29', 'x-amz-id-2': 'mhkcjaek-e529qm-t29', 'ETag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:03 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1457', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:08 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:08,721 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:08,722 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:08,722 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:08,722 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:08,722 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:08,722 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjaek-e529qm-t29', 'HostId': 'mhkcjaek-e529qm-t29', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjaek-e529qm-t29', 'x-amz-id-2': 'mhkcjaek-e529qm-t29', 'etag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:03 GMT', 'content-type': 'application/octet-stream', 'content-length': '1457', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:08 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 3, tzinfo=tzutc()), 'ContentLength': 1457, 'ETag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:08,724 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,728 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:19d511225f94f9b5cbf3836eb02b5273c01b95da50735742560e3e45b8c8bfcc', 1, 9, 'sha256:62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,733 [246] [DEBUG] [app] Ending request: urn:request:106610b9-2910-472c-8e5c-203b4914ae72 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:106610b9-2910-472c-8e5c-203b4914ae72', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:08,733 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:08 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.167 1796 0.167) gunicorn-web stdout | 2025-11-04 09:08:08,734 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:08 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:08,960 [246] [DEBUG] [app] Starting request: urn:request:5547eaa8-9225-4c95-8ccb-9d1659455bb7 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:08,961 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,961 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,962 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,973 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:08,973 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:08,973 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,973 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:08,973 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:08,973 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,974 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,974 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,975 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,980 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:08,981 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:08,986 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,991 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,994 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:08,997 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,001 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,004 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [34, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,007 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc gunicorn-web stdout | 2025-11-04 09:08:09,008 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc: {'manifest_hash': 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:09,008 [246] [DEBUG] [app] Ending request: urn:request:5547eaa8-9225-4c95-8ccb-9d1659455bb7 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:5547eaa8-9225-4c95-8ccb-9d1659455bb7', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,009 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,009 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.050 1826 0.050) gunicorn-web stdout | 2025-11-04 09:08:09,071 [248] [DEBUG] [app] Starting request: urn:request:b72867b5-7ae1-4396-ba8e-338d1c05e3e9 (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,072 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,072 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,072 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,084 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,085 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,085 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,085 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,085 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,085 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,085 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,085 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,087 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,092 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,093 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,098 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,104 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,107 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,110 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,114 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,118 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [35, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,121 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a gunicorn-web stdout | 2025-11-04 09:08:09,121 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a: {'manifest_hash': 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:09,122 [248] [DEBUG] [app] Ending request: urn:request:b72867b5-7ae1-4396-ba8e-338d1c05e3e9 (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:b72867b5-7ae1-4396-ba8e-338d1c05e3e9', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,122 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,123 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.053 1826 0.053) gunicorn-web stdout | 2025-11-04 09:08:09,132 [246] [DEBUG] [app] Starting request: urn:request:b7cb689c-d246-4327-9d41-aeb90c082bb4 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,132 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,132 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,132 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,144 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,144 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,144 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,145 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,145 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,145 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,145 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,145 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,146 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,151 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,153 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) notificationworker stdout | 2025-11-04 09:08:09,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:08:09,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:19.156372+00:00 (in 9.999597 seconds) notificationworker stdout | 2025-11-04 09:08:09,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:19 GMT)" (scheduled at 2025-11-04 09:08:09.156372+00:00) notificationworker stdout | 2025-11-04 09:08:09,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:08:09,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 9, 157117), True, datetime.datetime(2025, 11, 4, 9, 8, 9, 157117), 0, 'notification/%', 50, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,159 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,165 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,169 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) notificationworker stdout | 2025-11-04 09:08:09,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:08:09,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:08:09,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:19 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:09,172 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,175 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', None, 1762247289175, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,180 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', None, 1762247289180, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,185 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [34, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,189 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,192 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['9b405135-d988-4a2c-a7c6-d499c1eecff2']) gunicorn-web stdout | 2025-11-04 09:08:09,195 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:09,196 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68'} gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,197 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090809Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090809Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 447059ad28a3e9c0de9edc8fa86b3659efb282ee1b5a4a5c10e6289effe909ea gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 4d7b25822c4ef12881ba6263f75c7f07934f2d1d4e6f28ab8046cf32a4e2e033 gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,198 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090809Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=4d7b25822c4ef12881ba6263f75c7f07934f2d1d4e6f28ab8046cf32a4e2e033', 'amz-sdk-invocation-id': b'c6012167-733e-4139-9c51-423998c96c34', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:09,199 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:09,215 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68 HTTP/1.1" 200 1470 gunicorn-web stdout | 2025-11-04 09:08:09,215 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjasw-65d5fn-tkk', 'x-amz-id-2': 'mhkcjasw-65d5fn-tkk', 'ETag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:10 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1470', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:09,215 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:09,215 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,215 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:09,215 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,216 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,216 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjasw-65d5fn-tkk', 'HostId': 'mhkcjasw-65d5fn-tkk', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjasw-65d5fn-tkk', 'x-amz-id-2': 'mhkcjasw-65d5fn-tkk', 'etag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:10 GMT', 'content-type': 'application/octet-stream', 'content-length': '1470', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 10, tzinfo=tzutc()), 'ContentLength': 1470, 'ETag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:09,217 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,220 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 1, 9, 'sha256:7ceae7886eafad2b1357f06c9477a2d217e23c9d62c8d217b5d0ed7447e76a6a', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,225 [246] [DEBUG] [app] Ending request: urn:request:b7cb689c-d246-4327-9d41-aeb90c082bb4 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:b7cb689c-d246-4327-9d41-aeb90c082bb4', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,226 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,226 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.096 1796 0.096) gunicorn-web stdout | 2025-11-04 09:08:09,323 [246] [DEBUG] [app] Starting request: urn:request:25a4d66c-d542-47cd-b46b-521f382c29f0 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,323 [248] [DEBUG] [app] Starting request: urn:request:d2e9fcfd-6932-4a50-904a-9ffc3ac7a54a (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,323 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,323 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,323 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,323 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,324 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,324 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,335 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,335 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,335 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,335 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,335 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,335 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,335 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,335 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,336 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,336 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,336 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,336 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,336 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,337 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,337 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,337 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,337 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,338 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,341 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,342 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,344 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,345 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,347 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,347 [249] [DEBUG] [app] Starting request: urn:request:2ed45b20-4e64-416a-9f3a-e9eda50f218d (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,348 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,348 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,349 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,351 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,352 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,356 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,356 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,359 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,360 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,360 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,361 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,361 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,361 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,361 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,361 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,361 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,361 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,363 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,363 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,363 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', None, 1762247289363, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,367 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,368 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', None, 1762247289368, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,368 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,370 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,371 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [33, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,373 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [32, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,375 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 gunicorn-web stdout | 2025-11-04 09:08:09,375 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992: {'manifest_hash': 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:09,376 [246] [DEBUG] [app] Ending request: urn:request:25a4d66c-d542-47cd-b46b-521f382c29f0 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:25a4d66c-d542-47cd-b46b-521f382c29f0', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,377 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,377 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,377 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1826 0.055) gunicorn-web stdout | 2025-11-04 09:08:09,378 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,382 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['1d044cf7-21b0-4166-b66f-36cd96ea0b64']) gunicorn-web stdout | 2025-11-04 09:08:09,382 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,385 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:09,386 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,388 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:09,388 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936'} gunicorn-web stdout | 2025-11-04 09:08:09,388 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,388 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,388 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,388 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:09,389 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,389 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,390 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:09,390 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,390 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,390 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,390 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,390 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:09,390 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090809Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:09,390 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090809Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | c1f40e346648806053a283d985bf6ac6f85e107a3e352afec8d67f93bfa3133c gunicorn-web stdout | 2025-11-04 09:08:09,390 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | ce997e1b983f2ba91043913ec5afdade5d41f6d0e4fe5ebf5fa4ead76545c9f6 gunicorn-web stdout | 2025-11-04 09:08:09,391 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,391 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:09,391 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,391 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090809Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=ce997e1b983f2ba91043913ec5afdade5d41f6d0e4fe5ebf5fa4ead76545c9f6', 'amz-sdk-invocation-id': b'0f90b971-eb0c-4957-af7f-8a04b077f241', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:09,391 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:09,392 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:09,393 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', None, 1762247289392, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,399 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', None, 1762247289398, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,404 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [35, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,407 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,411 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d82d7341-fba3-4ba1-be5d-73f5c5a06d4d']) gunicorn-web stdout | 2025-11-04 09:08:09,415 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:09,418 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:09,418 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'} gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:09,419 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:09,420 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,420 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,420 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,420 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:09,420 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,420 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,420 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,420 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,421 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:09,421 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090809Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:09,421 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090809Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 40ee38d9edb08951b249c46daef1f911a5a82f423f323a0b719ae8bc22f4eaa3 gunicorn-web stdout | 2025-11-04 09:08:09,421 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 4462d3ff3b08d413f96334e3a9d301b548869960744d8790eaf2ef5efc021bfa gunicorn-web stdout | 2025-11-04 09:08:09,421 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,421 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:09,421 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,421 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090809Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=4462d3ff3b08d413f96334e3a9d301b548869960744d8790eaf2ef5efc021bfa', 'amz-sdk-invocation-id': b'eb30b622-8b28-4ed6-a648-9ddb120c321d', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:09,422 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:09,422 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:09,448 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936 HTTP/1.1" 200 1470 gunicorn-web stdout | 2025-11-04 09:08:09,448 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjaze-a0g0a2-1cp0', 'x-amz-id-2': 'mhkcjaze-a0g0a2-1cp0', 'ETag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:05 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1470', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:09,449 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:09,449 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,449 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:09,449 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,449 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,449 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjaze-a0g0a2-1cp0', 'HostId': 'mhkcjaze-a0g0a2-1cp0', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjaze-a0g0a2-1cp0', 'x-amz-id-2': 'mhkcjaze-a0g0a2-1cp0', 'etag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:05 GMT', 'content-type': 'application/octet-stream', 'content-length': '1470', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 5, tzinfo=tzutc()), 'ContentLength': 1470, 'ETag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:09,451 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,456 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 1, 9, 'sha256:94b622d2880b7640fe5cf6da80a87db008e0529da67218311bc90f0fb1205091', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,458 [249] [DEBUG] [app] Starting request: urn:request:9b542a40-c982-4618-b146-19b7b2a22702 (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,459 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,459 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,459 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,461 [248] [DEBUG] [app] Ending request: urn:request:d2e9fcfd-6932-4a50-904a-9ffc3ac7a54a (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:d2e9fcfd-6932-4a50-904a-9ffc3ac7a54a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,462 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,462 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.141 1796 0.141) gunicorn-web stdout | 2025-11-04 09:08:09,470 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,471 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,471 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,471 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,471 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,471 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,471 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,471 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,472 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,478 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,479 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,485 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,491 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,494 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,497 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,501 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,504 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [36, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,507 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 gunicorn-web stdout | 2025-11-04 09:08:09,508 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933: {'manifest_hash': 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:09,508 [249] [DEBUG] [app] Ending request: urn:request:9b542a40-c982-4618-b146-19b7b2a22702 (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:9b542a40-c982-4618-b146-19b7b2a22702', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,509 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,509 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1826 0.052) gunicorn-web stdout | 2025-11-04 09:08:09,509 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 HTTP/1.1" 200 1472 gunicorn-web stdout | 2025-11-04 09:08:09,510 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjb00-adloks-3ql', 'x-amz-id-2': 'mhkcjb00-adloks-3ql', 'ETag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:12 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1472', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:09,510 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:09,510 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,510 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:09,510 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,510 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,510 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjb00-adloks-3ql', 'HostId': 'mhkcjb00-adloks-3ql', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjb00-adloks-3ql', 'x-amz-id-2': 'mhkcjb00-adloks-3ql', 'etag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:12 GMT', 'content-type': 'application/octet-stream', 'content-length': '1472', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 12, tzinfo=tzutc()), 'ContentLength': 1472, 'ETag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:09,512 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,516 [246] [DEBUG] [app] Starting request: urn:request:f024a6d2-727a-4203-931b-2e4b232be8af (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:08:09,517 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 1, 9, 'sha256:87379020f3b6731a4b64976e614d305f5c121d153c049d14ba600ff24bbac012', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,517 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:08:09,519 [257] [DEBUG] [app] Starting request: urn:request:634cae6e-054e-4fc9-9eb1-c896f6c4f70f (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:08:09,520 [257] [DEBUG] [app] Ending request: urn:request:634cae6e-054e-4fc9-9eb1-c896f6c4f70f (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:634cae6e-054e-4fc9-9eb1-c896f6c4f70f', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:08:09,520 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:08:09,520 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:09,522 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:08:09,523 [249] [DEBUG] [app] Ending request: urn:request:2ed45b20-4e64-416a-9f3a-e9eda50f218d (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:2ed45b20-4e64-416a-9f3a-e9eda50f218d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,523 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,524 [247] [DEBUG] [app] Starting request: urn:request:0951cac3-fe53-4c98-8f1a-a219ea81e586 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:08:09,524 [247] [DEBUG] [app] Ending request: urn:request:0951cac3-fe53-4c98-8f1a-a219ea81e586 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:0951cac3-fe53-4c98-8f1a-a219ea81e586', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.178 1796 0.178) gunicorn-web stdout | 2025-11-04 09:08:09,524 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:09,524 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:08:09,525 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:09,525 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:08:09,525 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:08:09,525 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:08:09,532 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:08:09,533 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:08:09,542 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:08:09,545 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:08:09,548 [246] [DEBUG] [app] Ending request: urn:request:f024a6d2-727a-4203-931b-2e4b232be8af (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:f024a6d2-727a-4203-931b-2e4b232be8af', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:08:09,549 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,550 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:08:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.035 118 0.034) gunicorn-web stdout | 2025-11-04 09:08:09,563 [246] [DEBUG] [app] Starting request: urn:request:42d514ef-754d-43f5-b103-37541487d07f (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,563 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,563 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,564 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,575 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,575 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,575 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,576 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,576 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,576 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,576 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,576 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,578 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,583 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,585 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,588 [249] [DEBUG] [app] Starting request: urn:request:7ed52b9e-82d9-4f9d-9a07-b78a96103387 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,588 [248] [DEBUG] [app] Starting request: urn:request:b3264877-c25d-4ad6-b1ba-ab955c7ef214 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:08:09,588 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,588 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,589 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,589 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:08:09,591 [257] [DEBUG] [app] Starting request: urn:request:c3197ea3-077f-4195-b2f1-05dfede89f94 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:08:09,592 [257] [DEBUG] [app] Ending request: urn:request:c3197ea3-077f-4195-b2f1-05dfede89f94 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:c3197ea3-077f-4195-b2f1-05dfede89f94', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:08:09,592 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:08:09,592 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,592 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.002) gunicorn-web stdout | 2025-11-04 09:08:09,593 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:08:09,594 [248] [DEBUG] [app] Starting request: urn:request:a216e0c9-ed65-4a40-85aa-1988b2641543 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:08:09,595 [248] [DEBUG] [app] Ending request: urn:request:a216e0c9-ed65-4a40-85aa-1988b2641543 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:a216e0c9-ed65-4a40-85aa-1988b2641543', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:08:09,595 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:08:09,595 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:09,596 [248] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:08:09,596 [248] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:08:09,596 [248] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:08:09,597 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,600 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,600 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,600 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,600 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,600 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,600 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,600 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,600 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,601 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,601 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,604 [248] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:08:09,604 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:08:09,604 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,606 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,608 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', None, 1762247289607, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,608 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,614 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', None, 1762247289613, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,614 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:08:09,614 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,618 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [36, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,618 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:08:09,619 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,621 [248] [DEBUG] [app] Ending request: urn:request:b3264877-c25d-4ad6-b1ba-ab955c7ef214 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:b3264877-c25d-4ad6-b1ba-ab955c7ef214', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:08:09,621 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,622 [248] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:08:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" gunicorn-web stdout | 2025-11-04 09:08:09,622 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 1, 0]) nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.035 118 0.034) gunicorn-web stdout | 2025-11-04 09:08:09,623 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,625 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['89cf30ce-ff39-4fd8-9cf2-5395bfdb63e4']) gunicorn-web stdout | 2025-11-04 09:08:09,626 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,629 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:09,630 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:09,630 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589'} gunicorn-web stdout | 2025-11-04 09:08:09,630 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,630 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,630 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,630 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,630 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,630 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,630 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:09,631 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', None, 1762247289630, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,631 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:09,632 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090809Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:09,632 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090809Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | f4cc1c99e94c27299cdbb51ac82c1e3f53090735748d2b29dc8932199248958e gunicorn-web stdout | 2025-11-04 09:08:09,632 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 379d2324f640058df6e434ede7722a82ddec3a6bea477ec17bee113b7e39c07d gunicorn-web stdout | 2025-11-04 09:08:09,632 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,632 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:09,632 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,632 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090809Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=379d2324f640058df6e434ede7722a82ddec3a6bea477ec17bee113b7e39c07d', 'amz-sdk-invocation-id': b'4bf2eb31-26cb-45fa-8540-ea60fb4ab506', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:09,632 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:09,637 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', None, 1762247289636, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,641 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [33, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,646 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,647 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589 HTTP/1.1" 200 1453 gunicorn-web stdout | 2025-11-04 09:08:09,647 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjb4y-dbb5br-49j', 'x-amz-id-2': 'mhkcjb4y-dbb5br-49j', 'ETag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:15 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1453', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:09,647 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:09,648 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,648 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:09,648 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,648 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,648 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjb4y-dbb5br-49j', 'HostId': 'mhkcjb4y-dbb5br-49j', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjb4y-dbb5br-49j', 'x-amz-id-2': 'mhkcjb4y-dbb5br-49j', 'etag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:15 GMT', 'content-type': 'application/octet-stream', 'content-length': '1453', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 15, tzinfo=tzutc()), 'ContentLength': 1453, 'ETag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:09,650 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['dd459018-ad0e-4277-a622-172fa8f36752']) gunicorn-web stdout | 2025-11-04 09:08:09,650 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,653 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:09,655 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:122c52305f257cb504fa1e6417a0e2be0a91c6e8597236feced3168597406ed8', 1, 9, 'sha256:487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,655 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333'} gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:09,656 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,657 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,658 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:09,658 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090809Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:09,658 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090809Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | b20381450c4d7e4da9d0a3c09e48424ee433fa132a4d468d7864ebb02e54dc8b gunicorn-web stdout | 2025-11-04 09:08:09,658 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | a6acde6325672404b39abea04355140cb4bb6ba303fd938201e180e541929e4a gunicorn-web stdout | 2025-11-04 09:08:09,658 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,658 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:09,658 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,659 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090809Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=a6acde6325672404b39abea04355140cb4bb6ba303fd938201e180e541929e4a', 'amz-sdk-invocation-id': b'cd8d10b9-bcdc-4f0d-b5fc-706183ba614e', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:09,659 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:09,660 [246] [DEBUG] [app] Ending request: urn:request:42d514ef-754d-43f5-b103-37541487d07f (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:42d514ef-754d-43f5-b103-37541487d07f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,661 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.100 1796 0.100) gunicorn-web stdout | 2025-11-04 09:08:09,661 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:09,714 [249] [DEBUG] [app] Starting request: urn:request:54cc1c6f-bfdb-48aa-bb3c-4bad5df6a239 (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,715 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,715 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,715 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,727 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,728 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,728 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,728 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,728 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,728 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,728 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,729 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,730 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,736 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,737 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,743 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,749 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,753 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,757 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,760 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,764 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [37, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,767 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea gunicorn-web stdout | 2025-11-04 09:08:09,768 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea: {'manifest_hash': 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:09,768 [249] [DEBUG] [app] Ending request: urn:request:54cc1c6f-bfdb-48aa-bb3c-4bad5df6a239 (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:54cc1c6f-bfdb-48aa-bb3c-4bad5df6a239', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,769 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.056 1826 0.056) gunicorn-web stdout | 2025-11-04 09:08:09,770 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:09,770 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333 HTTP/1.1" 200 1469 gunicorn-web stdout | 2025-11-04 09:08:09,770 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjb5p-drgqlo-q5v', 'x-amz-id-2': 'mhkcjb5p-drgqlo-q5v', 'ETag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:07 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1469', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:09,770 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:09,771 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,771 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:09,771 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,771 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,771 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjb5p-drgqlo-q5v', 'HostId': 'mhkcjb5p-drgqlo-q5v', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjb5p-drgqlo-q5v', 'x-amz-id-2': 'mhkcjb5p-drgqlo-q5v', 'etag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:07 GMT', 'content-type': 'application/octet-stream', 'content-length': '1469', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 7, tzinfo=tzutc()), 'ContentLength': 1469, 'ETag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:09,772 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,776 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 1, 9, 'sha256:7bc0df393b289d450de141fd2c095776adb8cb79f976c1dacb787c9fc9a4d201', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,780 [249] [DEBUG] [app] Ending request: urn:request:7ed52b9e-82d9-4f9d-9a07-b78a96103387 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:7ed52b9e-82d9-4f9d-9a07-b78a96103387', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,781 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,781 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.195 1796 0.195) gunicorn-web stdout | 2025-11-04 09:08:09,798 [246] [DEBUG] [app] Starting request: urn:request:28fc3a57-59ac-46cc-9556-1f95db4ef9fc (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,798 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,798 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,798 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,810 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,810 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,810 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,810 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,810 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,810 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,810 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,810 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,812 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,817 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,818 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,824 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,829 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,833 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,836 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,840 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', None, 1762247289840, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,842 [249] [DEBUG] [app] Starting request: urn:request:f096c5a7-db86-4da0-9bb8-f2f80f5a5b59 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,843 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,843 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,843 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,845 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', None, 1762247289845, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,850 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [37, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,853 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,854 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,855 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,855 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,855 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,855 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,855 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,855 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,855 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,857 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['8625d6e4-2f6f-4d10-aa88-7a6729558869']) gunicorn-web stdout | 2025-11-04 09:08:09,857 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,858 [248] [DEBUG] [app] Starting request: urn:request:986d1182-93bd-422c-848b-4893228daa56 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,859 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,859 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,859 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,860 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:09,862 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:09,862 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0'} gunicorn-web stdout | 2025-11-04 09:08:09,862 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,862 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,862 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,862 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,862 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,863 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,863 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,864 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:09,864 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090809Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:09,864 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090809Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 2186b1bb9587b2f82e9014f017aab0c54c2f93528e1d024d460cba878eaf1555 gunicorn-web stdout | 2025-11-04 09:08:09,864 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 9184b4cfe86187dd2ff11cb45029d76a4bd47d60e03547525047d7a78304a664 gunicorn-web stdout | 2025-11-04 09:08:09,864 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,864 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:09,864 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,864 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090809Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=9184b4cfe86187dd2ff11cb45029d76a4bd47d60e03547525047d7a78304a664', 'amz-sdk-invocation-id': b'9e437414-85f4-4758-aa22-008b92fd03cb', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:09,864 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:09,871 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:09,871 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,871 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:09,871 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,871 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:09,871 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,871 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,871 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,871 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,873 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,876 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,877 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0 HTTP/1.1" 200 1460 gunicorn-web stdout | 2025-11-04 09:08:09,878 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjbbd-ly80a-vhd', 'x-amz-id-2': 'mhkcjbbd-ly80a-vhd', 'ETag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:17 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1460', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:09,878 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:09,878 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,878 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:09,879 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,879 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,879 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:09,879 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjbbd-ly80a-vhd', 'HostId': 'mhkcjbbd-ly80a-vhd', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjbbd-ly80a-vhd', 'x-amz-id-2': 'mhkcjbbd-ly80a-vhd', 'etag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:17 GMT', 'content-type': 'application/octet-stream', 'content-length': '1460', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 17, tzinfo=tzutc()), 'ContentLength': 1460, 'ETag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:09,879 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,880 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,880 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,883 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,884 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:ff2d9c2b154fd3b791f0dcffed0c3c63e3cc5b3549781f2f471478ef124fa11e', 1, 9, 'sha256:e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,886 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,887 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,889 [246] [DEBUG] [app] Ending request: urn:request:28fc3a57-59ac-46cc-9556-1f95db4ef9fc (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:28fc3a57-59ac-46cc-9556-1f95db4ef9fc', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,889 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,890 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.094 1796 0.094) gunicorn-web stdout | 2025-11-04 09:08:09,890 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [38, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,892 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,894 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c gunicorn-web stdout | 2025-11-04 09:08:09,894 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c: {'manifest_hash': 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:09,895 [249] [DEBUG] [app] Ending request: urn:request:f096c5a7-db86-4da0-9bb8-f2f80f5a5b59 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:f096c5a7-db86-4da0-9bb8-f2f80f5a5b59', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,895 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:09,896 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1826 0.055) gunicorn-web stdout | 2025-11-04 09:08:09,896 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:09,899 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,903 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', None, 1762247289903, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,908 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', None, 1762247289908, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,912 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [38, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,916 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,919 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['c9d5a016-6b2e-4115-8c6a-27ad74e7b2c6']) gunicorn-web stdout | 2025-11-04 09:08:09,922 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:09,924 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:09,924 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9'} gunicorn-web stdout | 2025-11-04 09:08:09,924 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,924 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,924 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,924 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,924 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,924 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,924 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,925 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:09,925 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:09,925 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:09,925 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:09,926 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090809Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:09,927 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090809Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 8715ac6735d34e00bacb71666905eb03f85dd7a6a7789854d1a23b9d72f42b3e gunicorn-web stdout | 2025-11-04 09:08:09,927 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 798166b1e442a3ed034f7a3d957f8fb1d6efe47c131fdd0d73769daa67737b88 gunicorn-web stdout | 2025-11-04 09:08:09,927 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,927 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:09,927 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,927 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090809Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=798166b1e442a3ed034f7a3d957f8fb1d6efe47c131fdd0d73769daa67737b88', 'amz-sdk-invocation-id': b'0e0fbd64-1c7d-4729-bb7e-8871f3e2222a', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:09,927 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:09,942 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9 HTTP/1.1" 200 1459 gunicorn-web stdout | 2025-11-04 09:08:09,942 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjbd5-1njwig-tl2', 'x-amz-id-2': 'mhkcjbd5-1njwig-tl2', 'ETag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:20 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1459', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:09,942 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:09,943 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:09,943 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:09,943 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,943 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:09,943 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjbd5-1njwig-tl2', 'HostId': 'mhkcjbd5-1njwig-tl2', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjbd5-1njwig-tl2', 'x-amz-id-2': 'mhkcjbd5-1njwig-tl2', 'etag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:20 GMT', 'content-type': 'application/octet-stream', 'content-length': '1459', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:09 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 20, tzinfo=tzutc()), 'ContentLength': 1459, 'ETag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:09,945 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:09,949 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:cd719190bb511a8ac7cf73b99bec41e528f046a4b96921c93a22ad0813bcd87a', 1, 9, 'sha256:af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 1]) gunicorn-web stdout | 2025-11-04 09:08:09,953 [248] [DEBUG] [app] Ending request: urn:request:986d1182-93bd-422c-848b-4893228daa56 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:986d1182-93bd-422c-848b-4893228daa56', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:09,954 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c HTTP/1.1" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.097 1796 0.097) gunicorn-web stdout | 2025-11-04 09:08:09,954 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:09 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c HTTP/1.0" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:09,997 [246] [DEBUG] [app] Starting request: urn:request:db571a81-185e-4d02-aa8a-d65bb13652c2 (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:09,997 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,997 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:09,997 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,009 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:10,009 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:10,009 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,009 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:10,010 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,010 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,010 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,010 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,011 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,016 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,017 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,023 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,028 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,032 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,036 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,040 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,044 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [39, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,047 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 gunicorn-web stdout | 2025-11-04 09:08:10,047 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132: {'manifest_hash': 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:10,048 [246] [DEBUG] [app] Ending request: urn:request:db571a81-185e-4d02-aa8a-d65bb13652c2 (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:db571a81-185e-4d02-aa8a-d65bb13652c2', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:10,048 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:10,048 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.053 1826 0.053) gunicorn-web stdout | 2025-11-04 09:08:10,105 [246] [DEBUG] [app] Starting request: urn:request:060a16e7-868e-4f6c-a2da-daea740badb6 (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:10,106 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,106 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,107 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,117 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:10,117 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:10,118 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,118 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:10,118 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,118 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,118 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,118 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,119 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,126 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,127 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,134 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,139 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,144 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,147 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,151 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', None, 1762247290151, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,157 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', None, 1762247290157, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,162 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [39, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,166 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,170 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['245d7d88-d237-4046-909c-047178021b9e']) gunicorn-web stdout | 2025-11-04 09:08:10,173 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:10,175 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:10,175 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54'} gunicorn-web stdout | 2025-11-04 09:08:10,175 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,175 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,175 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,175 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,175 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,175 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,175 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,176 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090810Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090810Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | df936873cecdf5af4ef0e3283fec4f2c4705a626cbb00d03a086bbcee1e02381 gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | a72830dd8fa3616f65aba6374d6dca4bd4379b39b57a00452fc8770ce7d90a17 gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090810Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=a72830dd8fa3616f65aba6374d6dca4bd4379b39b57a00452fc8770ce7d90a17', 'amz-sdk-invocation-id': b'8447d24a-c83b-406f-810c-ef1710739686', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:10,177 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:10,191 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54 HTTP/1.1" 200 1459 gunicorn-web stdout | 2025-11-04 09:08:10,191 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjbk3-5shh6w-12i6', 'x-amz-id-2': 'mhkcjbk3-5shh6w-12i6', 'ETag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:23 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1459', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:10 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:10,192 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:10,192 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,192 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:10,192 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,192 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,193 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjbk3-5shh6w-12i6', 'HostId': 'mhkcjbk3-5shh6w-12i6', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjbk3-5shh6w-12i6', 'x-amz-id-2': 'mhkcjbk3-5shh6w-12i6', 'etag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:23 GMT', 'content-type': 'application/octet-stream', 'content-length': '1459', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:10 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 23, tzinfo=tzutc()), 'ContentLength': 1459, 'ETag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:10,194 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,198 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 1, 9, 'sha256:46b5947a368c82da2a25216b85057a03081fa6e86e9b72c2ec471115009a2123', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,202 [249] [DEBUG] [app] Starting request: urn:request:68925655-f3ca-4016-80f2-63ec5032a1d9 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:10,202 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,202 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,202 [246] [DEBUG] [app] Ending request: urn:request:060a16e7-868e-4f6c-a2da-daea740badb6 (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:060a16e7-868e-4f6c-a2da-daea740badb6', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:10,203 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,204 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:10,204 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.100 1796 0.100) gunicorn-web stdout | 2025-11-04 09:08:10,214 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:10,214 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:10,214 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,214 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:10,214 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,214 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,215 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,215 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,216 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,221 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,222 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,224 [246] [DEBUG] [app] Starting request: urn:request:3d4e6e9c-23b3-4330-809f-c3a72d8714d2 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:10,224 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,224 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,225 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,228 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,233 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,233 [247] [DEBUG] [app] Starting request: urn:request:05e291fe-4e2e-42a6-aed5-191f814205ee (/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:10,234 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,234 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,234 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,236 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:10,236 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:10,236 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,237 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,237 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:10,237 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,237 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,237 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,237 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,238 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,240 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,243 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,244 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,244 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,245 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:10,245 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:10,245 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,246 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:10,246 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:10,246 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,246 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,246 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,247 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,248 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [40, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,250 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,252 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc gunicorn-web stdout | 2025-11-04 09:08:10,253 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc: {'manifest_hash': 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:10,253 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:10,254 [249] [DEBUG] [app] Ending request: urn:request:68925655-f3ca-4016-80f2-63ec5032a1d9 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:68925655-f3ca-4016-80f2-63ec5032a1d9', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:10,254 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:10,254 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,254 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.054 1826 0.054) gunicorn-web stdout | 2025-11-04 09:08:10,256 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,260 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,263 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,263 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,267 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', None, 1762247290267, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,268 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,271 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,273 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', None, 1762247290272, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,275 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,277 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [40, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,278 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."repository_id", "t2"."digest", "t2"."media_type_id", "t2"."manifest_bytes", "t2"."config_media_type", "t2"."layers_compressed_size", "t2"."subject", "t2"."subject_backfilled", "t2"."artifact_type", "t2"."artifact_type_backfilled" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."name" = %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'busybox', None, 1762247290278, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,282 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,284 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."tag_name", "t1"."tag_pull_count", "t1"."last_tag_pull_date", "t1"."current_manifest_digest" FROM "tagpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."tag_name" = %s)) LIMIT %s OFFSET %s', [9, 'busybox', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,286 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['7198d319-55da-4767-9f1a-ea3fba192665']) gunicorn-web stdout | 2025-11-04 09:08:10,288 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [9, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,289 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:10,291 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:10,291 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd'} gunicorn-web stdout | 2025-11-04 09:08:10,291 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."manifest_digest", "t1"."manifest_pull_count", "t1"."last_manifest_pull_date" FROM "manifestpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."manifest_digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,291 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,291 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,291 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,292 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,292 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,292 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,292 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,292 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:10,292 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:10,292 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:10,292 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:10,292 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,293 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,293 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,293 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:10,293 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,293 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,293 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,293 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,293 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:10,293 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090810Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:10,294 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090810Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 1dcb54537e3e2575381eca2235ea4edebbf34f1934203b9449967d4835bd2513 gunicorn-web stdout | 2025-11-04 09:08:10,294 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 338f89c5c03426dcb8a66b09050dd6c0c747d9c23fcd330fff44b7432aece1bc gunicorn-web stdout | 2025-11-04 09:08:10,294 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,294 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:10,294 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,294 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090810Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=338f89c5c03426dcb8a66b09050dd6c0c747d9c23fcd330fff44b7432aece1bc', 'amz-sdk-invocation-id': b'187c8b5a-0774-4429-8c34-d4213838f31d', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:10,294 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:10,295 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [9, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,298 [247] [DEBUG] [app] Ending request: urn:request:05e291fe-4e2e-42a6-aed5-191f814205ee (/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics) {'endpoint': 'api.repositorytagpullstatistics', 'request_id': 'urn:request:05e291fe-4e2e-42a6-aed5-191f814205ee', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics', 'path': '/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:10,299 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:10,299 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/tag/busybox/pull_statistics HTTP/1.0" 200 292 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/tag/busybox/pull_statistics HTTP/1.1" 200 292 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.067 1743 0.067) gunicorn-web stdout | 2025-11-04 09:08:10,309 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd HTTP/1.1" 200 1455 gunicorn-web stdout | 2025-11-04 09:08:10,310 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjbnc-7q4hat-vr2', 'x-amz-id-2': 'mhkcjbnc-7q4hat-vr2', 'ETag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:26 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1455', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:10 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:10,310 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:10,310 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:10,310 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:10,310 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,310 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:10,310 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjbnc-7q4hat-vr2', 'HostId': 'mhkcjbnc-7q4hat-vr2', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjbnc-7q4hat-vr2', 'x-amz-id-2': 'mhkcjbnc-7q4hat-vr2', 'etag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:26 GMT', 'content-type': 'application/octet-stream', 'content-length': '1455', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:10 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 26, tzinfo=tzutc()), 'ContentLength': 1455, 'ETag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:10,312 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:10,316 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 1, 9, 'sha256:55b62457923c4f107ac9cb1d535ca1afbdad4b04bae1ffcbebd9f2f381378eca', 1]) gunicorn-web stdout | 2025-11-04 09:08:10,321 [246] [DEBUG] [app] Ending request: urn:request:3d4e6e9c-23b3-4330-809f-c3a72d8714d2 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:3d4e6e9c-23b3-4330-809f-c3a72d8714d2', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:10,322 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc HTTP/1.1" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.100 1796 0.100) gunicorn-web stdout | 2025-11-04 09:08:10,322 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:10 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc HTTP/1.0" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" securityscanningnotificationworker stdout | 2025-11-04 09:08:10,744 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:08:10,744 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:27.745810+00:00 (in 17.001264 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:08:10,744 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:10 GMT)" (scheduled at 2025-11-04 09:08:10.743793+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:08:10,744 [87] [DEBUG] [workers.queueworker] Getting work item from queue. securityscanningnotificationworker stdout | 2025-11-04 09:08:10,746 [87] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 10, 744943), True, datetime.datetime(2025, 11, 4, 9, 8, 10, 744943), 0, 'secscanv4/%', 50, 1, 0]) securityscanningnotificationworker stdout | 2025-11-04 09:08:10,758 [87] [DEBUG] [workers.queueworker] No more work. securityscanningnotificationworker stdout | 2025-11-04 09:08:10,758 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:08:10,758 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:10 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:08:11,004 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:11 +0000] "GET /repository/superorg/repo1?tab=tags HTTP/1.1" 304 0 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.000 1769 -) manifestsubjectbackfillworker stdout | 2025-11-04 09:08:12,198 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:12 +0000] "GET /images/favicon.png HTTP/1.1" 200 15998 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.000 1641 -) gunicorn-web stdout | 2025-11-04 09:08:12,440 [246] [DEBUG] [app] Starting request: urn:request:c79cb4e3-80ce-4587-a8f8-954a89946350 (/csrf_token) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:12,440 [246] [DEBUG] [app] Ending request: urn:request:c79cb4e3-80ce-4587-a8f8-954a89946350 (/csrf_token) {'endpoint': 'web.csrf_token', 'request_id': 'urn:request:c79cb4e3-80ce-4587-a8f8-954a89946350', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/csrf_token', 'path': '/csrf_token', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:12 +0000] "GET /csrf_token HTTP/1.1" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.003 1613 0.003) gunicorn-web stdout | 2025-11-04 09:08:12,441 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:12 +0000] "GET /csrf_token HTTP/1.0" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:12,614 [249] [DEBUG] [app] Starting request: urn:request:4fb824e7-c97b-413c-a94f-e5d3e26e0755 (/csrf_token) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:12,615 [249] [DEBUG] [app] Ending request: urn:request:4fb824e7-c97b-413c-a94f-e5d3e26e0755 (/csrf_token) {'endpoint': 'web.csrf_token', 'request_id': 'urn:request:4fb824e7-c97b-413c-a94f-e5d3e26e0755', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/csrf_token', 'path': '/csrf_token', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:12,615 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:12 +0000] "GET /csrf_token HTTP/1.0" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:12 +0000] "GET /csrf_token HTTP/1.1" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.002 1613 0.002) gunicorn-web stdout | 2025-11-04 09:08:12,786 [247] [DEBUG] [app] Starting request: urn:request:11a0e0a4-e979-42c4-ba4f-c532d539b12d (/config) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:12,787 [247] [DEBUG] [app] Ending request: urn:request:11a0e0a4-e979-42c4-ba4f-c532d539b12d (/config) {'endpoint': 'web.config', 'request_id': 'urn:request:11a0e0a4-e979-42c4-ba4f-c532d539b12d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/config', 'path': '/config', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:12 +0000] "GET /config HTTP/1.1" 200 4079 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.002 1689 0.002) gunicorn-web stdout | 2025-11-04 09:08:12,787 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:12 +0000] "GET /config HTTP/1.0" 200 4079 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" pullstatsredisflushworker stdout | 2025-11-04 09:08:12,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:08:12,953 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:42.952336+00:00 (in 29.999168 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:08:12,953 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:42 GMT)" (scheduled at 2025-11-04 09:08:12.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:08:12,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush gunicorn-web stdout | 2025-11-04 09:08:12,953 [249] [DEBUG] [app] Starting request: urn:request:f15d1682-3854-4e35-8750-705ee94bfeb9 (/api/v1/user/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:12,954 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:12,954 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:12,955 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) pullstatsredisflushworker stdout | 2025-11-04 09:08:12,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:08:12,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:42 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:12,966 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:12,966 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:12,966 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:12,966 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:12,967 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:12,967 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:12,967 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:12,967 [249] [DEBUG] [peewee] ('SELECT DISTINCT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" INNER JOIN "team" AS "t2" ON ("t2"."organization_id" = "t1"."id") INNER JOIN "teammember" AS "t3" ON ("t3"."team_id" = "t2"."id") INNER JOIN "user" AS "t4" ON ("t4"."id" = "t3"."user_id") WHERE (("t1"."organization" = %s) AND ("t4"."username" = %s))', [True, 'quay']) gunicorn-web stdout | 2025-11-04 09:08:12,972 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:12,973 [249] [DEBUG] [peewee] ('SELECT "t1"."service_ident", "t2"."name", "t1"."metadata_json" FROM "federatedlogin" AS "t1" INNER JOIN "loginservice" AS "t2" ON ("t1"."service_id" = "t2"."id") WHERE (("t2"."name" != %s) AND ("t1"."user_id" = %s))', ['quayrobot', 1]) gunicorn-web stdout | 2025-11-04 09:08:12,976 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."kind_id" FROM "userprompt" AS "t1" INNER JOIN "userpromptkind" AS "t2" ON ("t1"."kind_id" = "t2"."id") WHERE ("t1"."user_id" = %s)', [1]) gunicorn-web stdout | 2025-11-04 09:08:12,980 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:12,983 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:12,987 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:12,991 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:12,994 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:12,997 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:12,997 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:12,999 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:13,002 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,002 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,003 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,003 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,003 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,003 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,003 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:13,003 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,003 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,003 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,003 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,004 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,004 [249] [DEBUG] [app] Ending request: urn:request:f15d1682-3854-4e35-8750-705ee94bfeb9 (/api/v1/user/) {'endpoint': 'api.user', 'request_id': 'urn:request:f15d1682-3854-4e35-8750-705ee94bfeb9', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/user/', 'path': '/api/v1/user/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:13,004 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:13,005 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/user/ HTTP/1.0" 200 1229 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/user/ HTTP/1.1" 200 1229 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.054 1695 0.053) gunicorn-web stdout | 2025-11-04 09:08:13,386 [246] [DEBUG] [app] Starting request: urn:request:c5738cb8-8ed9-49d8-b991-fa2ffa8135dc (/api/v1/user/notifications) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:13,387 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,387 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,387 [249] [DEBUG] [app] Starting request: urn:request:0a45753f-b25b-41c5-971c-63f6a8ab5d46 (/api/v1/messages) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:13,387 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,387 [247] [DEBUG] [app] Starting request: urn:request:5369ded3-893a-4fe7-9788-c158a2fbe6c9 (/api/v1/repository/superorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:13,388 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,387 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,388 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,388 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,388 [248] [DEBUG] [app] Starting request: urn:request:a72f4a34-3b1b-4d5e-8af5-7619681ca26d (/api/v1/repository/superorg/repo1) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:13,389 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,389 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,389 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,389 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,390 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,399 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:13,399 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:13,399 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,399 [246] [DEBUG] [endpoints.api] Checking permission for user quay gunicorn-web stdout | 2025-11-04 09:08:13,399 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,399 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,399 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,400 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,400 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:13,400 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:13,400 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,401 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."content", "t1"."uuid", "t1"."severity", "t1"."media_type_id", "t2"."id", "t2"."name" FROM "messages" AS "t1" INNER JOIN "mediatype" AS "t2" ON ("t1"."media_type_id" = "t2"."id")', []) gunicorn-web stdout | 2025-11-04 09:08:13,401 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:13,401 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:13,401 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:13,401 [246] [DEBUG] [peewee] ('(SELECT "t1"."id", "t1"."uuid", "t1"."kind_id", "t1"."metadata_json", "t1"."dismissed", "t1"."lookup_path", "t1"."created", "t1"."created" AS "cd", "t1"."target_id" FROM "notification" AS "t1" INNER JOIN "notificationkind" AS "t2" ON ("t1"."kind_id" = "t2"."id") WHERE (("t1"."dismissed" = %s) AND ("t1"."target_id" = %s))) UNION (SELECT "t3"."id", "t3"."uuid", "t3"."kind_id", "t3"."metadata_json", "t3"."dismissed", "t3"."lookup_path", "t3"."created", "t3"."created" AS "cd", "t3"."target_id" FROM "notification" AS "t3" INNER JOIN "notificationkind" AS "t4" ON ("t3"."kind_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t5"."id" = "t3"."target_id") INNER JOIN "team" AS "t6" ON ("t5"."id" = "t6"."organization_id") INNER JOIN "teamrole" AS "t7" ON ("t6"."role_id" = "t7"."id") INNER JOIN "teammember" AS "t8" ON ("t6"."id" = "t8"."team_id") INNER JOIN "user" AS "t9" ON ("t8"."user_id" = "t9"."id") WHERE (("t3"."dismissed" = %s) AND (("t9"."id" = %s) AND ("t7"."name" = %s)))) ORDER BY cd desc LIMIT %s', [False, 1, False, 1, 'admin', 6]) gunicorn-web stdout | 2025-11-04 09:08:13,401 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,401 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:13,401 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,402 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:13,402 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,402 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:13,402 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,402 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,402 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,402 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,402 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,402 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,402 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,403 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:13,404 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:13,404 [249] [DEBUG] [app] Ending request: urn:request:0a45753f-b25b-41c5-971c-63f6a8ab5d46 (/api/v1/messages) {'endpoint': 'api.globalusermessages', 'request_id': 'urn:request:0a45753f-b25b-41c5-971c-63f6a8ab5d46', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/messages', 'path': '/api/v1/messages', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:13,405 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:13,405 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/messages HTTP/1.0" 200 17 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/messages HTTP/1.1" 200 17 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.019 1698 0.019) gunicorn-web stdout | 2025-11-04 09:08:13,406 [249] [DEBUG] [app] Starting request: urn:request:6e2eabce-fed8-429f-a4f4-ae2921b8cee9 (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:13,406 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,406 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,407 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,408 [246] [DEBUG] [app] Ending request: urn:request:c5738cb8-8ed9-49d8-b991-fa2ffa8135dc (/api/v1/user/notifications) {'endpoint': 'api.usernotificationlist', 'request_id': 'urn:request:c5738cb8-8ed9-49d8-b991-fa2ffa8135dc', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/user/notifications', 'path': '/api/v1/user/notifications', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:13,409 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,409 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:13,409 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/user/notifications HTTP/1.0" 200 43 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:13,409 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/user/notifications HTTP/1.1" 200 43 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.024 1708 0.024) gunicorn-web stdout | 2025-11-04 09:08:13,410 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:13,411 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:13,415 [248] [DEBUG] [endpoints.api.repository] Get repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:13,416 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,417 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,417 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:13,417 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:13,417 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,418 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,419 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."repository_id", "t1"."created" FROM "star" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."user_id" = %s)) LIMIT %s OFFSET %s', [9, 1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,422 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,422 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,422 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,422 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,422 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,423 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."count", "t1"."date" FROM "repositoryactioncount" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."date" >= %s))', [9, datetime.date(2025, 8, 4)]) gunicorn-web stdout | 2025-11-04 09:08:13,423 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:13,426 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,426 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,426 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,427 [248] [DEBUG] [app] Ending request: urn:request:a72f4a34-3b1b-4d5e-8af5-7619681ca26d (/api/v1/repository/superorg/repo1) {'endpoint': 'api.repository', 'request_id': 'urn:request:a72f4a34-3b1b-4d5e-8af5-7619681ca26d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1?includeStats=true&includeTags=false', 'path': '/api/v1/repository/superorg/repo1', 'parameters': {'includeStats': 'true', 'includeTags': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:13,427 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:13,428 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,428 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,428 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,428 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/repository/superorg/repo1?includeStats=true&includeTags=false HTTP/1.0" 200 3588 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:13,428 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/repository/superorg/repo1?includeStats=true&includeTags=false HTTP/1.1" 200 3588 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.042 1751 0.041) gunicorn-web stdout | 2025-11-04 09:08:13,428 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,428 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,428 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:13,428 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:13,429 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,431 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:13,433 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE ((("t1"."repository_id" = %s) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [9, None, 1762247293433, False, 101, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,435 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:13,438 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,438 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,438 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,438 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,438 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:13,439 [247] [DEBUG] [app] Ending request: urn:request:5369ded3-893a-4fe7-9788-c158a2fbe6c9 (/api/v1/repository/superorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:5369ded3-893a-4fe7-9788-c158a2fbe6c9', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true', 'path': '/api/v1/repository/superorg/repo1/tag/', 'parameters': {'limit': '100', 'page': '1', 'onlyActiveTags': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:13,440 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:13,441 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.0" 200 295 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.1" 200 295 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.054 1757 0.054) gunicorn-web stdout | 2025-11-04 09:08:13,442 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,445 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:13,448 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,452 [249] [DEBUG] [app] Ending request: urn:request:6e2eabce-fed8-429f-a4f4-ae2921b8cee9 (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:6e2eabce-fed8-429f-a4f4-ae2921b8cee9', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:13,453 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:13,453 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.067 1711 0.067) gcworker stdout | 2025-11-04 09:08:13,512 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:13,786 [246] [DEBUG] [app] Starting request: urn:request:ddbdc38b-1363-44ca-a8fd-64665b86b0be (/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:13,786 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,786 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,787 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,797 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:13,797 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:13,797 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,797 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:13,798 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:13,798 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,798 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,798 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,799 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:13,804 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:13,805 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:13,811 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,816 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,819 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,822 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,826 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', None, 1762247293825, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:13,831 [246] [DEBUG] [app] Ending request: urn:request:ddbdc38b-1363-44ca-a8fd-64665b86b0be (/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:ddbdc38b-1363-44ca-a8fd-64665b86b0be', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', 'parameters': {'include_modelcard': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:13,831 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:13,832 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true HTTP/1.0" 200 2735 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:13 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true HTTP/1.1" 200 2735 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.047 1819 0.047) proxycacheblobworker stdout | 2025-11-04 09:08:14,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:08:14,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:24.140529+00:00 (in 9.999531 seconds) proxycacheblobworker stdout | 2025-11-04 09:08:14,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:24 GMT)" (scheduled at 2025-11-04 09:08:14.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:08:14,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:08:14,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 14, 141377), True, datetime.datetime(2025, 11, 4, 9, 8, 14, 141377), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:08:14,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:08:14,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:08:14,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:24 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:14,202 [248] [DEBUG] [app] Starting request: urn:request:6dcb1ac9-e902-4438-9a1c-829999aea004 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,202 [247] [DEBUG] [app] Starting request: urn:request:93f3b57a-b14a-43f8-835b-8d847284f241 (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,203 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,203 [249] [DEBUG] [app] Starting request: urn:request:801ee0ff-15a5-4e2c-b1c0-a7138c310e39 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,203 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,203 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,203 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,203 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,203 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,204 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,204 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,204 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,206 [246] [DEBUG] [app] Starting request: urn:request:fe6461cb-6efb-495e-ba00-e6bacced517a (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,206 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,206 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,207 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,215 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,216 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,216 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,216 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,216 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,216 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,216 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,216 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,216 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,217 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,217 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,217 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,217 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,217 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,217 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,218 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,218 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,219 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,219 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,219 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,219 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,219 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,219 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,219 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,220 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,220 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,221 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,221 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,221 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,222 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,222 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,222 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,222 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,222 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,222 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,223 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,223 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,224 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,224 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,225 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,226 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,228 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,229 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,230 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,231 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,232 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,233 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,235 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,236 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,238 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,239 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,239 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,240 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,242 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,242 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,243 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,243 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,245 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,246 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,246 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,247 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', None, 1762247294247, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,249 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,250 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', None, 1762247294249, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,250 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [31, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,253 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', None, 1762247294252, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,253 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 gunicorn-web stdout | 2025-11-04 09:08:14,253 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,254 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52: {'manifest_hash': 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:14,254 [248] [DEBUG] [app] Ending request: urn:request:6dcb1ac9-e902-4438-9a1c-829999aea004 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:6dcb1ac9-e902-4438-9a1c-829999aea004', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,255 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:14,255 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', None, 1762247294254, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,255 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.054 1826 0.054) gunicorn-web stdout | 2025-11-04 09:08:14,256 [248] [DEBUG] [app] Starting request: urn:request:b5ab0d28-2a4a-4284-adbd-91a061c758c2 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,257 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,257 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,257 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [32, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,258 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [31, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,258 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,259 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [32, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,260 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d gunicorn-web stdout | 2025-11-04 09:08:14,261 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d: {'manifest_hash': 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:14,261 [247] [DEBUG] [app] Ending request: urn:request:93f3b57a-b14a-43f8-835b-8d847284f241 (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:93f3b57a-b14a-43f8-835b-8d847284f241', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,262 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:14,262 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,262 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.061 1826 0.061) gunicorn-web stdout | 2025-11-04 09:08:14,263 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,266 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['a6a852be-a247-44ea-b069-5dde2d0c82f9']) gunicorn-web stdout | 2025-11-04 09:08:14,267 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['1d044cf7-21b0-4166-b66f-36cd96ea0b64']) gunicorn-web stdout | 2025-11-04 09:08:14,269 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,269 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:14,269 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,269 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,270 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,270 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,270 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,270 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,270 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,271 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,270 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:14,271 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:14,271 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8'} gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:14,272 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936'} gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090814Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090814Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | bc9d80e41a31723635914c5ba869e5fed9cacf0cabdaac90c3ac8c6c050920df gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 57524afdc52c1693f35e717b7bd740cb96736726a5fbc11f8700fd1420c7c372 gunicorn-web stdout | 2025-11-04 09:08:14,273 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:14,273 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:14,274 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:14,274 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,274 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090814Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=57524afdc52c1693f35e717b7bd740cb96736726a5fbc11f8700fd1420c7c372', 'amz-sdk-invocation-id': b'03ad3a07-0b5f-4c0f-b2f1-37f60d4d0720', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:14,274 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:14,274 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090814Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:14,275 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090814Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 3235061653a0cba2f54a7398fb474783d94862a961a3c8b8b908b871d6ce1cfb gunicorn-web stdout | 2025-11-04 09:08:14,275 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 4b2a085d6e489d4c9975764326ad06efbfab16dd77cf6ea4ff7febed23f9d65b gunicorn-web stdout | 2025-11-04 09:08:14,275 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,275 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:14,275 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,275 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090814Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=4b2a085d6e489d4c9975764326ad06efbfab16dd77cf6ea4ff7febed23f9d65b', 'amz-sdk-invocation-id': b'37a0262f-657c-409f-8c79-f6576d8ea0c0', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:14,275 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:14,277 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,278 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,284 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,288 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8 HTTP/1.1" 200 1457 gunicorn-web stdout | 2025-11-04 09:08:14,288 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjepv-7e2ey7-elt', 'x-amz-id-2': 'mhkcjepv-7e2ey7-elt', 'ETag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:03 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1457', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:14 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:14,288 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:14,289 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,289 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,289 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:14,289 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,289 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,290 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjepv-7e2ey7-elt', 'HostId': 'mhkcjepv-7e2ey7-elt', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjepv-7e2ey7-elt', 'x-amz-id-2': 'mhkcjepv-7e2ey7-elt', 'etag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:03 GMT', 'content-type': 'application/octet-stream', 'content-length': '1457', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:14 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 3, tzinfo=tzutc()), 'ContentLength': 1457, 'ETag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:14,291 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936 HTTP/1.1" 200 1470 gunicorn-web stdout | 2025-11-04 09:08:14,291 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,292 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjepx-7f90ki-jmz', 'x-amz-id-2': 'mhkcjepx-7f90ki-jmz', 'ETag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:05 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1470', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:14 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:14,292 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:14,292 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,293 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,293 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:14,294 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,294 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,294 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjepx-7f90ki-jmz', 'HostId': 'mhkcjepx-7f90ki-jmz', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjepx-7f90ki-jmz', 'x-amz-id-2': 'mhkcjepx-7f90ki-jmz', 'etag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:05 GMT', 'content-type': 'application/octet-stream', 'content-length': '1470', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:14 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 5, tzinfo=tzutc()), 'ContentLength': 1470, 'ETag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:14,295 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,296 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,297 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:19d511225f94f9b5cbf3836eb02b5273c01b95da50735742560e3e45b8c8bfcc', 1, 9, 'sha256:62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,300 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 1, 9, 'sha256:94b622d2880b7640fe5cf6da80a87db008e0529da67218311bc90f0fb1205091', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,300 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,302 [249] [DEBUG] [app] Ending request: urn:request:801ee0ff-15a5-4e2c-b1c0-a7138c310e39 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:801ee0ff-15a5-4e2c-b1c0-a7138c310e39', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,302 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.102 1796 0.102) gunicorn-web stdout | 2025-11-04 09:08:14,303 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:14,305 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [33, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,305 [246] [DEBUG] [app] Ending request: urn:request:fe6461cb-6efb-495e-ba00-e6bacced517a (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:fe6461cb-6efb-495e-ba00-e6bacced517a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,306 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.102 1796 0.102) gunicorn-web stdout | 2025-11-04 09:08:14,306 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:14,308 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 gunicorn-web stdout | 2025-11-04 09:08:14,308 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992: {'manifest_hash': 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:14,309 [248] [DEBUG] [app] Ending request: urn:request:b5ab0d28-2a4a-4284-adbd-91a061c758c2 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:b5ab0d28-2a4a-4284-adbd-91a061c758c2', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,309 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:14,310 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.106 1826 0.105) gunicorn-web stdout | 2025-11-04 09:08:14,590 [247] [DEBUG] [app] Starting request: urn:request:387abcde-aab3-45f8-ba39-5ce76f847823 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,590 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,590 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,590 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,596 [246] [DEBUG] [app] Starting request: urn:request:81255099-8b99-4442-a18c-5ffe34592820 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,596 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,596 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,597 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,601 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,602 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,602 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,602 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,602 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,602 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,602 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,602 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,603 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,609 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,609 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,609 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,609 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,609 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,609 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,609 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,610 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,610 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,610 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,611 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,615 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,616 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,617 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,619 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,622 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,623 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,626 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,628 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,630 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,631 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,634 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [34, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,634 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,637 [249] [DEBUG] [app] Starting request: urn:request:d7398e12-05cb-42b5-8059-5b65d79dce77 (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,637 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc gunicorn-web stdout | 2025-11-04 09:08:14,637 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,637 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,637 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc: {'manifest_hash': 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:14,638 [247] [DEBUG] [app] Ending request: urn:request:387abcde-aab3-45f8-ba39-5ce76f847823 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:387abcde-aab3-45f8-ba39-5ce76f847823', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,638 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,638 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', None, 1762247294638, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,638 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:14,639 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.051 1826 0.050) gunicorn-web stdout | 2025-11-04 09:08:14,640 [248] [DEBUG] [app] Starting request: urn:request:f7676b0f-f803-4b4b-8ad4-4105844bf8ef (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,640 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,640 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,641 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,642 [247] [DEBUG] [app] Starting request: urn:request:bc0b42d5-5de6-4e5c-b41b-c684f9762b79 (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,642 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,642 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,643 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,644 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', None, 1762247294643, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,648 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [34, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,649 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,649 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,649 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,649 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,650 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,650 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,650 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,650 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,651 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,652 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,653 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,653 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,653 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,653 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,653 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,653 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,653 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,653 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,654 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,654 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,654 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,655 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,655 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,655 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,655 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,655 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,655 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,656 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['9b405135-d988-4a2c-a7c6-d499c1eecff2']) gunicorn-web stdout | 2025-11-04 09:08:14,656 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,657 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,657 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,659 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:14,660 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,660 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:14,660 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68'} gunicorn-web stdout | 2025-11-04 09:08:14,660 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,660 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,660 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,660 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,660 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:14,661 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,661 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,661 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090814Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090814Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | a91e5780ae2392c584d0d93cb1d8c4b9c46405488408e9f9779f31bfcc60628d gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 9da04eeab541f5591b075559c14d91e97825c6f162774c1c5a1afb608a086fab gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,662 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090814Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=9da04eeab541f5591b075559c14d91e97825c6f162774c1c5a1afb608a086fab', 'amz-sdk-invocation-id': b'ddb290b6-b6b2-4811-8fbe-b184895fc7e8', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:14,662 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,663 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:14,663 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,667 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,668 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,669 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,671 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,672 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,673 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,675 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,676 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,677 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,677 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68 HTTP/1.1" 200 1470 gunicorn-web stdout | 2025-11-04 09:08:14,677 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjf0o-dt4bb7-ft8', 'x-amz-id-2': 'mhkcjf0o-dt4bb7-ft8', 'ETag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:10 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1470', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:14 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:14,677 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:14,678 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,678 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:14,678 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,678 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,678 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjf0o-dt4bb7-ft8', 'HostId': 'mhkcjf0o-dt4bb7-ft8', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjf0o-dt4bb7-ft8', 'x-amz-id-2': 'mhkcjf0o-dt4bb7-ft8', 'etag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:10 GMT', 'content-type': 'application/octet-stream', 'content-length': '1470', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:14 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 10, tzinfo=tzutc()), 'ContentLength': 1470, 'ETag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:14,679 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,679 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,680 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,680 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,683 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [35, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,683 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', None, 1762247294682, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,683 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,684 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 1, 9, 'sha256:7ceae7886eafad2b1357f06c9477a2d217e23c9d62c8d217b5d0ed7447e76a6a', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,687 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a gunicorn-web stdout | 2025-11-04 09:08:14,687 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a: {'manifest_hash': 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:14,687 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [36, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,688 [249] [DEBUG] [app] Ending request: urn:request:d7398e12-05cb-42b5-8059-5b65d79dce77 (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:d7398e12-05cb-42b5-8059-5b65d79dce77', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,688 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:14,688 [246] [DEBUG] [app] Ending request: urn:request:81255099-8b99-4442-a18c-5ffe34592820 (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:81255099-8b99-4442-a18c-5ffe34592820', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,689 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:14,689 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', None, 1762247294688, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,689 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1826 0.053) gunicorn-web stdout | 2025-11-04 09:08:14,690 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.095 1796 0.094) gunicorn-web stdout | 2025-11-04 09:08:14,691 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 gunicorn-web stdout | 2025-11-04 09:08:14,691 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933: {'manifest_hash': 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:14,692 [247] [DEBUG] [app] Ending request: urn:request:bc0b42d5-5de6-4e5c-b41b-c684f9762b79 (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:bc0b42d5-5de6-4e5c-b41b-c684f9762b79', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,692 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:14,693 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1826 0.052) gunicorn-web stdout | 2025-11-04 09:08:14,694 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [35, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,698 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,702 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d82d7341-fba3-4ba1-be5d-73f5c5a06d4d']) gunicorn-web stdout | 2025-11-04 09:08:14,705 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:14,707 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:14,707 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'} gunicorn-web stdout | 2025-11-04 09:08:14,707 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,707 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,707 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,707 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,707 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,707 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,707 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,708 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:14,708 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:14,708 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:14,708 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:14,708 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,708 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,708 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,708 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:14,709 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,709 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,709 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,709 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,709 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:14,709 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090814Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:14,709 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090814Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 57334047c80e54d92b54e766c3bbd67ee542e93ce493338294fdbbe7398e65b4 gunicorn-web stdout | 2025-11-04 09:08:14,709 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 729823fe68dca98976ffa03218943633387bc4e472a87d0d681f7802f1571d49 gunicorn-web stdout | 2025-11-04 09:08:14,709 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,710 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:14,710 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,710 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090814Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=729823fe68dca98976ffa03218943633387bc4e472a87d0d681f7802f1571d49', 'amz-sdk-invocation-id': b'62aa34a9-a375-4096-a8ff-3ff584345eda', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:14,710 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:14,722 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 HTTP/1.1" 200 1472 gunicorn-web stdout | 2025-11-04 09:08:14,723 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjf20-elsno7-hkm', 'x-amz-id-2': 'mhkcjf20-elsno7-hkm', 'ETag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:12 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1472', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:14 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:14,723 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:14,723 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:14,723 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:14,724 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,724 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:14,724 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjf20-elsno7-hkm', 'HostId': 'mhkcjf20-elsno7-hkm', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjf20-elsno7-hkm', 'x-amz-id-2': 'mhkcjf20-elsno7-hkm', 'etag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:12 GMT', 'content-type': 'application/octet-stream', 'content-length': '1472', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:14 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 12, tzinfo=tzutc()), 'ContentLength': 1472, 'ETag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:14,726 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,730 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 1, 9, 'sha256:87379020f3b6731a4b64976e614d305f5c121d153c049d14ba600ff24bbac012', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,734 [248] [DEBUG] [app] Ending request: urn:request:f7676b0f-f803-4b4b-8ad4-4105844bf8ef (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:f7676b0f-f803-4b4b-8ad4-4105844bf8ef', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:14,735 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.097 1796 0.097) gunicorn-web stdout | 2025-11-04 09:08:14,735 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:14 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:14,958 [248] [DEBUG] [app] Starting request: urn:request:0fd7d1ef-dc46-4804-8cc1-a881b6983eae (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,958 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,958 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,959 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,970 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,970 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,971 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,971 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,971 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,971 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,971 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,971 [246] [DEBUG] [app] Starting request: urn:request:8f96c700-81a1-4a7d-99d8-816485480897 (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:14,971 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,971 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,972 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,972 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,973 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,978 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,980 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,985 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:14,985 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:14,985 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,985 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:14,985 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:14,985 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,985 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,985 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,986 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,987 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,991 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,992 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:14,993 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:14,994 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,998 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:14,999 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,001 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', None, 1762247295001, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,004 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,007 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', None, 1762247295006, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,008 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,011 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,011 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [33, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,014 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', None, 1762247295014, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,016 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,020 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['dd459018-ad0e-4277-a622-172fa8f36752']) gunicorn-web stdout | 2025-11-04 09:08:15,020 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', None, 1762247295019, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,023 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:15,024 [249] [DEBUG] [app] Starting request: urn:request:c6252dff-1aa0-4b58-b5c4-7f28d458ff2f (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:15,024 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [36, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,024 [247] [DEBUG] [app] Starting request: urn:request:e196a062-9a83-4f6b-9b4a-8d27bf0a8dd9 (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:15,024 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:15,024 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,024 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,024 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333'} gunicorn-web stdout | 2025-11-04 09:08:15,024 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,024 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,024 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,024 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,024 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:15,025 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,025 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,025 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,026 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:15,026 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090815Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:15,026 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090815Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 40e379ca437a5d2a9c2f64e7b6febb7c3978f2d34abdc59903ca30764eddb3bc gunicorn-web stdout | 2025-11-04 09:08:15,026 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 9966ebb004363a6852613f323d44a2b62b192100e87605216417193dac0fabf9 gunicorn-web stdout | 2025-11-04 09:08:15,026 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,026 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:15,026 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,026 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090815Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=9966ebb004363a6852613f323d44a2b62b192100e87605216417193dac0fabf9', 'amz-sdk-invocation-id': b'b03cff41-bb21-48ad-a546-2cbcae306355', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:15,026 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:15,028 [248] [DEBUG] [app] Starting request: urn:request:7f26246c-95d5-47ed-b32b-872db81d4566 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:15,028 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,028 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,028 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,029 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,032 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['89cf30ce-ff39-4fd8-9cf2-5395bfdb63e4']) gunicorn-web stdout | 2025-11-04 09:08:15,036 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:15,036 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:15,036 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:15,036 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,036 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:15,037 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,037 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,037 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,037 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:15,037 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,037 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:15,037 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,037 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:15,037 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,037 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,037 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,037 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,038 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:15,038 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589'} gunicorn-web stdout | 2025-11-04 09:08:15,038 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,038 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,038 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,038 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,038 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,038 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,038 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,039 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:15,039 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,039 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,039 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:15,039 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:15,039 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:15,039 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,039 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,039 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,039 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:15,039 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,040 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:15,040 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,040 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:15,040 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:15,040 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090815Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:15,040 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090815Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | e06e7993d913c067475fc86bc34c41fe787dc91ad4d02d36081013229219f2c1 gunicorn-web stdout | 2025-11-04 09:08:15,040 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 0bf2976c4c3a864aa6bf3b1a46da9dfbbf22e1dc974a7d45928daea9947f5451 gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,040 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090815Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=0bf2976c4c3a864aa6bf3b1a46da9dfbbf22e1dc974a7d45928daea9947f5451', 'amz-sdk-invocation-id': b'34022cc9-59fd-4a1e-a7e0-b474981a0360', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:15,041 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:15,041 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,044 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,044 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,045 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,045 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,047 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,047 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,051 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,051 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,053 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589 HTTP/1.1" 200 1453 gunicorn-web stdout | 2025-11-04 09:08:15,053 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfb5-3iqx2i-1anj', 'x-amz-id-2': 'mhkcjfb5-3iqx2i-1anj', 'ETag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:15 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1453', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:15,053 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:15,053 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,054 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:15,054 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,054 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,054 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,054 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjfb5-3iqx2i-1anj', 'HostId': 'mhkcjfb5-3iqx2i-1anj', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfb5-3iqx2i-1anj', 'x-amz-id-2': 'mhkcjfb5-3iqx2i-1anj', 'etag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:15 GMT', 'content-type': 'application/octet-stream', 'content-length': '1453', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 15, tzinfo=tzutc()), 'ContentLength': 1453, 'ETag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:15,056 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,056 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,056 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,058 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,059 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,060 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,060 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:122c52305f257cb504fa1e6417a0e2be0a91c6e8597236feced3168597406ed8', 1, 9, 'sha256:487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,062 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,062 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,064 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,065 [246] [DEBUG] [app] Ending request: urn:request:8f96c700-81a1-4a7d-99d8-816485480897 (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:8f96c700-81a1-4a7d-99d8-816485480897', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,065 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:15,066 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:15,066 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.096 1796 0.096) gunicorn-web stdout | 2025-11-04 09:08:15,066 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,068 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', None, 1762247295067, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,068 [246] [DEBUG] [app] Starting request: urn:request:8246bc90-6e61-4c6e-bdbc-47ba350daa62 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:15,069 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,069 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,069 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,070 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,070 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [37, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,073 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', None, 1762247295072, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,073 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea gunicorn-web stdout | 2025-11-04 09:08:15,074 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea: {'manifest_hash': 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:15,074 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [38, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,074 [247] [DEBUG] [app] Ending request: urn:request:e196a062-9a83-4f6b-9b4a-8d27bf0a8dd9 (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:e196a062-9a83-4f6b-9b4a-8d27bf0a8dd9', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,075 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1826 0.052) gunicorn-web stdout | 2025-11-04 09:08:15,076 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:15,077 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [37, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,078 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c gunicorn-web stdout | 2025-11-04 09:08:15,078 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c: {'manifest_hash': 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:15,079 [248] [DEBUG] [app] Ending request: urn:request:7f26246c-95d5-47ed-b32b-872db81d4566 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:7f26246c-95d5-47ed-b32b-872db81d4566', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,079 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.056 1826 0.055) gunicorn-web stdout | 2025-11-04 09:08:15,080 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:15,080 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333 HTTP/1.1" 200 1469 gunicorn-web stdout | 2025-11-04 09:08:15,080 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfar-3ad798-6bd', 'x-amz-id-2': 'mhkcjfar-3ad798-6bd', 'ETag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:07 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1469', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:15,081 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:15,081 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,081 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:15,081 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:15,081 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,081 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:15,081 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,081 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,081 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,081 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:15,081 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,081 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,081 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,081 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,082 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjfar-3ad798-6bd', 'HostId': 'mhkcjfar-3ad798-6bd', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfar-3ad798-6bd', 'x-amz-id-2': 'mhkcjfar-3ad798-6bd', 'etag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:07 GMT', 'content-type': 'application/octet-stream', 'content-length': '1469', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 7, tzinfo=tzutc()), 'ContentLength': 1469, 'ETag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:15,082 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,083 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,084 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['8625d6e4-2f6f-4d10-aa88-7a6729558869']) gunicorn-web stdout | 2025-11-04 09:08:15,087 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 1, 9, 'sha256:7bc0df393b289d450de141fd2c095776adb8cb79f976c1dacb787c9fc9a4d201', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,087 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,088 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:15,088 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,089 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:15,089 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0'} gunicorn-web stdout | 2025-11-04 09:08:15,089 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,089 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,089 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,089 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,089 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,089 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,089 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,090 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:15,091 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090815Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:15,091 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090815Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 699990d1954355a8d5413873c5f02b1884f6e302bc5552b970e9abdd89885442 gunicorn-web stdout | 2025-11-04 09:08:15,091 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 18c455820c38c2d114646b0ac3561d7ad10b6a03fd00f82f066cc02ec5f5c2b5 gunicorn-web stdout | 2025-11-04 09:08:15,091 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,091 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:15,091 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,091 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090815Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=18c455820c38c2d114646b0ac3561d7ad10b6a03fd00f82f066cc02ec5f5c2b5', 'amz-sdk-invocation-id': b'b54f7056-c2fe-49b5-8355-a5bd4ecf23f1', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:15,091 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:15,092 [248] [DEBUG] [app] Ending request: urn:request:0fd7d1ef-dc46-4804-8cc1-a881b6983eae (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:0fd7d1ef-dc46-4804-8cc1-a881b6983eae', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,092 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:15,093 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.137 1796 0.137) gunicorn-web stdout | 2025-11-04 09:08:15,094 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,099 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,102 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0 HTTP/1.1" 200 1460 gunicorn-web stdout | 2025-11-04 09:08:15,102 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfck-4cwmdm-bpo', 'x-amz-id-2': 'mhkcjfck-4cwmdm-bpo', 'ETag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:17 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1460', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:15,103 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:15,103 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,103 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,103 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:15,103 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,103 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,103 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjfck-4cwmdm-bpo', 'HostId': 'mhkcjfck-4cwmdm-bpo', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfck-4cwmdm-bpo', 'x-amz-id-2': 'mhkcjfck-4cwmdm-bpo', 'etag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:17 GMT', 'content-type': 'application/octet-stream', 'content-length': '1460', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 17, tzinfo=tzutc()), 'ContentLength': 1460, 'ETag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:15,104 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,106 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,108 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:ff2d9c2b154fd3b791f0dcffed0c3c63e3cc5b3549781f2f471478ef124fa11e', 1, 9, 'sha256:e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,110 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', None, 1762247295110, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,112 [249] [DEBUG] [app] Ending request: urn:request:c6252dff-1aa0-4b58-b5c4-7f28d458ff2f (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:c6252dff-1aa0-4b58-b5c4-7f28d458ff2f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,113 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.091 1796 0.091) gunicorn-web stdout | 2025-11-04 09:08:15,113 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:15,115 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', None, 1762247295115, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,119 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [38, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,123 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,127 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['c9d5a016-6b2e-4115-8c6a-27ad74e7b2c6']) gunicorn-web stdout | 2025-11-04 09:08:15,131 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:15,131 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9'} gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:15,132 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,133 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,133 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,133 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,133 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:15,133 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090815Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:15,133 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090815Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 6ef7567aee39a2f051bf1ddaf0a5bf251c341f45ced9219a8319c525a87c966a gunicorn-web stdout | 2025-11-04 09:08:15,133 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 520588fa5310dfa490bd3465e8e119df2d908524c22879f8f3da638df2f8a7fd gunicorn-web stdout | 2025-11-04 09:08:15,133 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,134 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:15,134 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,134 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090815Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=520588fa5310dfa490bd3465e8e119df2d908524c22879f8f3da638df2f8a7fd', 'amz-sdk-invocation-id': b'0fa467dd-45c3-4072-a2fe-7247e0e693be', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:15,134 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:15,145 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9 HTTP/1.1" 200 1459 gunicorn-web stdout | 2025-11-04 09:08:15,145 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfdr-528xfu-16e2', 'x-amz-id-2': 'mhkcjfdr-528xfu-16e2', 'ETag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:20 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1459', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:15,145 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:15,146 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,146 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:15,146 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,146 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,146 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjfdr-528xfu-16e2', 'HostId': 'mhkcjfdr-528xfu-16e2', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfdr-528xfu-16e2', 'x-amz-id-2': 'mhkcjfdr-528xfu-16e2', 'etag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:20 GMT', 'content-type': 'application/octet-stream', 'content-length': '1459', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 20, tzinfo=tzutc()), 'ContentLength': 1459, 'ETag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:15,147 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,151 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:cd719190bb511a8ac7cf73b99bec41e528f046a4b96921c93a22ad0813bcd87a', 1, 9, 'sha256:af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,155 [246] [DEBUG] [app] Ending request: urn:request:8246bc90-6e61-4c6e-bdbc-47ba350daa62 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:8246bc90-6e61-4c6e-bdbc-47ba350daa62', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,156 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:15,156 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c HTTP/1.0" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c HTTP/1.1" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.089 1796 0.089) gunicorn-web stdout | 2025-11-04 09:08:15,423 [248] [DEBUG] [app] Starting request: urn:request:03e59dcb-2f95-458a-90e2-eedd7284f40f (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:15,424 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,424 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,424 [249] [DEBUG] [app] Starting request: urn:request:c6593911-95e8-4f7e-911a-885be04f8596 (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:15,424 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,424 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,424 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,425 [246] [DEBUG] [app] Starting request: urn:request:f58bcb9b-01e9-4e3a-855f-87afc93e99fa (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:15,425 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,425 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,425 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,426 [247] [DEBUG] [app] Starting request: urn:request:0f770d0a-a717-4048-8889-a130c1bc352d (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:15,426 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,426 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,426 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,427 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,437 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:15,437 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:15,437 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:15,437 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:15,437 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:15,437 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:15,437 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,437 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,437 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,437 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:15,437 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,437 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:15,437 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:15,438 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,438 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,438 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,438 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,438 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,438 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,438 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,438 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,438 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,438 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,438 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,439 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,439 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:15,439 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:15,439 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,440 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:15,440 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,440 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,440 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,440 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,440 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,440 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,441 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,444 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,445 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,445 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,445 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,447 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,447 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,447 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,447 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,451 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,453 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,453 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,453 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,457 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,458 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,459 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,459 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,460 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,462 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,462 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,462 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,464 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,465 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,466 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,466 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,467 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,469 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', None, 1762247295468, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,469 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,470 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', None, 1762247295469, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,472 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [39, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,473 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [40, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,474 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', None, 1762247295473, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,475 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 gunicorn-web stdout | 2025-11-04 09:08:15,475 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132: {'manifest_hash': 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:15,476 [248] [DEBUG] [app] Ending request: urn:request:03e59dcb-2f95-458a-90e2-eedd7284f40f (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:03e59dcb-2f95-458a-90e2-eedd7284f40f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,476 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc gunicorn-web stdout | 2025-11-04 09:08:15,476 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:15,477 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', None, 1762247295476, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,477 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc: {'manifest_hash': 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1826 0.055) gunicorn-web stdout | 2025-11-04 09:08:15,477 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:15,478 [246] [DEBUG] [app] Ending request: urn:request:f58bcb9b-01e9-4e3a-855f-87afc93e99fa (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:f58bcb9b-01e9-4e3a-855f-87afc93e99fa', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,478 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [40, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,478 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:15,479 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:15,479 [248] [DEBUG] [app] Starting request: urn:request:8cabae28-bf66-4038-b099-d1eaac3de3ca (/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1826 0.055) gunicorn-web stdout | 2025-11-04 09:08:15,479 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,479 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,479 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,481 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [39, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,484 [247] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,486 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,488 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['7198d319-55da-4767-9f1a-ea3fba192665']) gunicorn-web stdout | 2025-11-04 09:08:15,489 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['245d7d88-d237-4046-909c-047178021b9e']) gunicorn-web stdout | 2025-11-04 09:08:15,491 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:15,491 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:15,491 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,491 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:15,491 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:15,491 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,491 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,491 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,492 [247] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:15,493 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:15,493 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,493 [247] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd'} gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,494 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,494 [247] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:15,494 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54'} gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090815Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090815Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | c683bfc13b7cc38dd044ca3599a1c310f27141b796d62a7ce35fc93f01359dc4 gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 6e5b709d1e7420b173b834f14ba43e998ca480e6516fb034a50750cd97275813 gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:15,495 [247] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090815Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=6e5b709d1e7420b173b834f14ba43e998ca480e6516fb034a50750cd97275813', 'amz-sdk-invocation-id': b'8b85b145-6548-4c95-b92b-35b5f293c781', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,495 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,496 [247] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:15,496 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:15,496 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090815Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:15,496 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090815Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | bc12cf99f7d3b629ffa6073bf4d511685f2563cfbc5d3e1c2147818586661edc gunicorn-web stdout | 2025-11-04 09:08:15,496 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 8c223d13bf0573afa109861c51058da54c4543b930dd16768c3896191a5d59ee gunicorn-web stdout | 2025-11-04 09:08:15,496 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,496 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:15,496 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:15,496 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,496 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090815Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=8c223d13bf0573afa109861c51058da54c4543b930dd16768c3896191a5d59ee', 'amz-sdk-invocation-id': b'32b7d10c-fd65-41f6-9eb8-e99b333c73eb', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:15,496 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:15,498 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:15,499 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,505 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,510 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54 HTTP/1.1" 200 1459 gunicorn-web stdout | 2025-11-04 09:08:15,510 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfnu-b2dijt-1a6v', 'x-amz-id-2': 'mhkcjfnu-b2dijt-1a6v', 'ETag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:23 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1459', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:15,510 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:15,510 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,511 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,511 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:15,511 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,511 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,511 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjfnu-b2dijt-1a6v', 'HostId': 'mhkcjfnu-b2dijt-1a6v', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfnu-b2dijt-1a6v', 'x-amz-id-2': 'mhkcjfnu-b2dijt-1a6v', 'etag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:23 GMT', 'content-type': 'application/octet-stream', 'content-length': '1459', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 23, tzinfo=tzutc()), 'ContentLength': 1459, 'ETag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:15,513 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,514 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,516 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 1, 9, 'sha256:46b5947a368c82da2a25216b85057a03081fa6e86e9b72c2ec471115009a2123', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,517 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,521 [249] [DEBUG] [app] Ending request: urn:request:c6593911-95e8-4f7e-911a-885be04f8596 (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:c6593911-95e8-4f7e-911a-885be04f8596', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,521 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:15,522 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."repository_id", "t2"."digest", "t2"."media_type_id", "t2"."manifest_bytes", "t2"."config_media_type", "t2"."layers_compressed_size", "t2"."subject", "t2"."subject_backfilled", "t2"."artifact_type", "t2"."artifact_type_backfilled" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."name" = %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'busybox', None, 1762247295521, False, 1, 0]) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.100 1796 0.100) gunicorn-web stdout | 2025-11-04 09:08:15,522 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:15,526 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."tag_name", "t1"."tag_pull_count", "t1"."last_tag_pull_date", "t1"."current_manifest_digest" FROM "tagpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."tag_name" = %s)) LIMIT %s OFFSET %s', [9, 'busybox', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,530 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [9, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,533 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."manifest_digest", "t1"."manifest_pull_count", "t1"."last_manifest_pull_date" FROM "manifestpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."manifest_digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,536 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [9, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,540 [248] [DEBUG] [app] Ending request: urn:request:8cabae28-bf66-4038-b099-d1eaac3de3ca (/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics) {'endpoint': 'api.repositorytagpullstatistics', 'request_id': 'urn:request:8cabae28-bf66-4038-b099-d1eaac3de3ca', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics', 'path': '/api/v1/repository/superorg/repo1/tag/busybox/pull_statistics', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,540 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:15,540 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/tag/busybox/pull_statistics HTTP/1.0" 200 292 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/tag/busybox/pull_statistics HTTP/1.1" 200 292 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.096 1743 0.096) gunicorn-web stdout | 2025-11-04 09:08:15,553 [247] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd HTTP/1.1" 200 1455 gunicorn-web stdout | 2025-11-04 09:08:15,553 [247] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfp1-bs2bio-j3q', 'x-amz-id-2': 'mhkcjfp1-bs2bio-j3q', 'ETag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:26 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1455', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:15,554 [247] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:15,554 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:15,554 [247] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:15,554 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,554 [247] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:15,554 [247] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjfp1-bs2bio-j3q', 'HostId': 'mhkcjfp1-bs2bio-j3q', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjfp1-bs2bio-j3q', 'x-amz-id-2': 'mhkcjfp1-bs2bio-j3q', 'etag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:26 GMT', 'content-type': 'application/octet-stream', 'content-length': '1455', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:15 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 26, tzinfo=tzutc()), 'ContentLength': 1455, 'ETag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:15,556 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:15,560 [247] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 1, 9, 'sha256:55b62457923c4f107ac9cb1d535ca1afbdad4b04bae1ffcbebd9f2f381378eca', 1]) gunicorn-web stdout | 2025-11-04 09:08:15,565 [247] [DEBUG] [app] Ending request: urn:request:0f770d0a-a717-4048-8889-a130c1bc352d (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:0f770d0a-a717-4048-8889-a130c1bc352d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:15,566 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc HTTP/1.1" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.142 1796 0.142) gunicorn-web stdout | 2025-11-04 09:08:15,566 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:15 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc HTTP/1.0" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" autopruneworker stdout | 2025-11-04 09:08:16,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:08:16,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:46.130127+00:00 (in 29.999560 seconds) autopruneworker stdout | 2025-11-04 09:08:16,130 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:46 GMT)" (scheduled at 2025-11-04 09:08:16.130127+00:00) autopruneworker stdout | 2025-11-04 09:08:16,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243696137, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:08:16,143 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:08:16,143 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:08:16,143 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:46 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:08:16,194 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:08:16,343 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:08:16,343 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:28.340417+00:00 (in 11.996612 seconds) exportactionlogsworker stdout | 2025-11-04 09:08:16,343 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:16 GMT)" (scheduled at 2025-11-04 09:08:16.343350+00:00) exportactionlogsworker stdout | 2025-11-04 09:08:16,344 [66] [DEBUG] [workers.queueworker] Running watchdog. exportactionlogsworker stdout | 2025-11-04 09:08:16,344 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:16,462 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:16,464 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:16,479 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:16,508 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:16,520 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:08:18,780 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:08:19,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:08:19,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:29.156372+00:00 (in 9.999582 seconds) notificationworker stdout | 2025-11-04 09:08:19,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:29 GMT)" (scheduled at 2025-11-04 09:08:19.156372+00:00) notificationworker stdout | 2025-11-04 09:08:19,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:08:19,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 19, 157412), True, datetime.datetime(2025, 11, 4, 9, 8, 19, 157412), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:08:19,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:08:19,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:08:19,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:29 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:08:19,245 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:08:19,245 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:20.247243+00:00 (in 1.001366 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:08:19,246 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:19 GMT)" (scheduled at 2025-11-04 09:08:19.245377+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:08:19,247 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."subject_backfilled" = %s) OR ("t1"."subject_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:08:19,260 [74] [DEBUG] [__main__] Manifest subject backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:08:19,260 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:08:19,260 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:19 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:08:19,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:08:19,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:49.635986+00:00 (in 29.999562 seconds) buildlogsarchiver stdout | 2025-11-04 09:08:19,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:49 GMT)" (scheduled at 2025-11-04 09:08:19.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:08:19,637 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 8, 19, 637161), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:08:19,650 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:08:19,650 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:08:19,650 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:49 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:08:20,248 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:08:20,248 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:19.245377+00:00 (in 58.997054 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:08:20,248 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:20 GMT)" (scheduled at 2025-11-04 09:08:20.247243+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:08:20,248 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."artifact_type_backfilled" = %s) OR ("t1"."artifact_type_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:08:20,261 [74] [DEBUG] [__main__] Manifest artifact_type backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:08:20,262 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:08:20,262 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:20 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:08:20,991 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: securityworker stdout | 2025-11-04 09:08:21,255 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:08:21,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:37.252445+00:00 (in 15.997167 seconds) securityworker stdout | 2025-11-04 09:08:21,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:51 GMT)" (scheduled at 2025-11-04 09:08:21.254713+00:00) securityworker stdout | 2025-11-04 09:08:21,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:08:21,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:08:21,260 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:08:21,262 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:08:21,274 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:21,274 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:21,274 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:21,274 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:08:21,275 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:21,279 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:21,279 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:08:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:08:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:08:21,280 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:21,280 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:08:21,280 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:21,280 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:21,280 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:21,280 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:21,280 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:08:21,280 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 3, 21, 262756), 1, 49]) securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:21,283 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:21,283 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:08:21,283 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:08:21,283 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:08:21,284 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:08:21,284 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:21,284 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:21,284 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:21,284 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:08:21,285 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 3, 21, 262756), 1, 49]) securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:21,288 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:21,288 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:08:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:08:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:08:21,288 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:21,288 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:08:21,289 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:21,289 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:08:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:21,289 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:51 GMT)" executed successfully servicekey stdout | 2025-11-04 09:08:21,700 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:08:21,902 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:08:22,002 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:08:22,398 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:23,558 [249] [DEBUG] [app] Starting request: urn:request:75844d96-7030-4021-acfe-89aea3deec31 (/api/v1/superuser/organizations/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:23,558 [248] [DEBUG] [app] Starting request: urn:request:a9df64df-3a5c-431c-bbac-87e5edc9e866 (/api/v1/superuser/registrysize/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:23,559 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,559 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,559 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,559 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,559 [246] [DEBUG] [app] Starting request: urn:request:9cfbfbd1-6cb2-4941-af55-84ab7fcf38f7 (/api/v1/superuser/users/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:23,560 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,560 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,560 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,560 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,560 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,571 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:23,571 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:23,571 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,571 [248] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:08:23,571 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,571 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,571 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,571 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,571 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:23,572 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:23,572 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,572 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:23,572 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,572 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:23,572 [249] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:08:23,572 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:23,572 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,572 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,572 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,573 [246] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:08:23,573 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,573 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,573 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:23,573 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,573 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,573 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,573 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,573 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:23,574 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [False, False]) gunicorn-web stdout | 2025-11-04 09:08:23,574 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [True, False]) gunicorn-web stdout | 2025-11-04 09:08:23,576 [248] [DEBUG] [app] Ending request: urn:request:a9df64df-3a5c-431c-bbac-87e5edc9e866 (/api/v1/superuser/registrysize/) {'endpoint': 'api.superuserregistrysize', 'request_id': 'urn:request:a9df64df-3a5c-431c-bbac-87e5edc9e866', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/registrysize/', 'path': '/api/v1/superuser/registrysize/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:23,576 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:23,577 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/superuser/registrysize/ HTTP/1.0" 200 71 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/superuser/registrysize/ HTTP/1.1" 200 71 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.020 1706 0.019) gunicorn-web stdout | 2025-11-04 09:08:23,578 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:23,578 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:23,582 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:23,582 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,585 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:23,586 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,588 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,590 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:23,591 [246] [DEBUG] [app] Ending request: urn:request:9cfbfbd1-6cb2-4941-af55-84ab7fcf38f7 (/api/v1/superuser/users/) {'endpoint': 'api.superuserlist', 'request_id': 'urn:request:9cfbfbd1-6cb2-4941-af55-84ab7fcf38f7', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/users/', 'path': '/api/v1/superuser/users/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:23,592 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/superuser/users/ HTTP/1.1" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.034 1699 0.034) gunicorn-web stdout | 2025-11-04 09:08:23,592 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/superuser/users/ HTTP/1.0" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:23,593 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,597 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,600 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:23,603 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,606 [249] [DEBUG] [app] Ending request: urn:request:75844d96-7030-4021-acfe-89aea3deec31 (/api/v1/superuser/organizations/) {'endpoint': 'api.superuserorganizationlist', 'request_id': 'urn:request:75844d96-7030-4021-acfe-89aea3deec31', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/organizations/', 'path': '/api/v1/superuser/organizations/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:23,607 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:23,607 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.0" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.1" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.050 1707 0.050) gunicorn-web stdout | 2025-11-04 09:08:23,946 [248] [DEBUG] [app] Starting request: urn:request:91a36666-8325-4b82-9420-91ac82fdfb7c (/api/v1/organization/quay/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:23,946 [247] [DEBUG] [app] Starting request: urn:request:43a7de19-e7ba-4ff0-af67-ddd5155b9086 (/api/v1/organization/quay/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:23,946 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,946 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,946 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,946 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,947 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,947 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,948 [246] [DEBUG] [app] Starting request: urn:request:05c02dd8-2b0f-44c7-a7e7-3db60b021ec4 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:23,949 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,949 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,950 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,959 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:23,959 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:23,959 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:23,959 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,959 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:23,959 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,959 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,959 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,959 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,959 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,959 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,959 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,959 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,959 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,959 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,959 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,960 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,960 [247] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'quay+%']) gunicorn-web stdout | 2025-11-04 09:08:23,960 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:23,961 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:23,961 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,961 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,961 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,961 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,961 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,962 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:23,963 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,964 [248] [DEBUG] [app] Ending request: urn:request:91a36666-8325-4b82-9420-91ac82fdfb7c (/api/v1/organization/quay/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:91a36666-8325-4b82-9420-91ac82fdfb7c', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quay/members', 'path': '/api/v1/organization/quay/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:23,964 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:23,965 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/organization/quay/members HTTP/1.0" 404 248 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/organization/quay/members HTTP/1.1" 404 248 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.020 1693 0.020) gunicorn-web stdout | 2025-11-04 09:08:23,966 [247] [DEBUG] [app] Ending request: urn:request:43a7de19-e7ba-4ff0-af67-ddd5155b9086 (/api/v1/organization/quay/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:43a7de19-e7ba-4ff0-af67-ddd5155b9086', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quay/robots?permissions=true&token=false', 'path': '/api/v1/organization/quay/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:23,967 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:23,967 [246] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'quay', 1, 3, 1, 'quay', 101]) gunicorn-web stdout | 2025-11-04 09:08:23,967 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/organization/quay/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/organization/quay/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.023 1721 0.023) gunicorn-web stdout | 2025-11-04 09:08:23,973 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:23,978 [246] [DEBUG] [app] Ending request: urn:request:05c02dd8-2b0f-44c7-a7e7-3db60b021ec4 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:05c02dd8-2b0f-44c7-a7e7-3db60b021ec4', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=quay&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'quay', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:23,978 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:23,978 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/repository?last_modified=true&namespace=quay&public=true HTTP/1.0" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:23 +0000] "GET /api/v1/repository?last_modified=true&namespace=quay&public=true HTTP/1.1" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.031 1724 0.031) gunicorn-web stdout | 2025-11-04 09:08:23,981 [249] [DEBUG] [app] Starting request: urn:request:c660252a-7a37-4511-8804-9314fe3e44d9 (/api/v1/organization/quayorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:23,981 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,981 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,981 [246] [DEBUG] [app] Starting request: urn:request:74debb50-eb8a-40e4-948b-d3f602ec47a5 (/api/v1/organization/quayorg/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:23,981 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,982 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,982 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,982 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,982 [248] [DEBUG] [app] Starting request: urn:request:866c21e1-1011-46a0-94d9-851fa2e4adf4 (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:23,982 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,982 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,983 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,992 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:23,993 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:23,993 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:23,993 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,993 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:23,993 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,993 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,993 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,993 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,993 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,993 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:23,993 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:23,993 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,994 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,994 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:23,995 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:23,997 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,997 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,997 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,997 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,997 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:23,997 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,997 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,997 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:23,998 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:23,999 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:24,000 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,000 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,001 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,001 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,001 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,001 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,001 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:24,001 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,003 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,003 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,003 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,003 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,003 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,003 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,003 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:24,003 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,003 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,003 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,003 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:24,004 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,004 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,004 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,004 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:24,004 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:24,005 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "teammember" AS "t3" INNER JOIN "team" AS "t1" ON ("t3"."team_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t3"."user_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:24,007 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:24,007 [248] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:24,009 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."namespace_user_id", "t2"."name", "t2"."visibility_id", "t2"."description", "t2"."badge_token", "t2"."kind_id", "t2"."trust_enabled", "t2"."state", "t3"."id", "t3"."uuid", "t3"."username", "t3"."password_hash", "t3"."email", "t3"."verified", "t3"."stripe_id", "t3"."organization", "t3"."robot", "t3"."invoice_email", "t3"."invalid_login_attempts", "t3"."last_invalid_login", "t3"."removed_tag_expiration_s", "t3"."enabled", "t3"."invoice_email_address", "t3"."given_name", "t3"."family_name", "t3"."company", "t3"."location", "t3"."maximum_queued_builds_count", "t3"."creation_date", "t3"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t1"."user_id" = "t3"."id") WHERE (("t2"."namespace_user_id" = %s) AND ("t3"."robot" = %s))', [2, False]) gunicorn-web stdout | 2025-11-04 09:08:24,010 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:24,011 [248] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:24,013 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,013 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,013 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,014 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,014 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,014 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,014 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,014 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,014 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:24,014 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:24,015 [246] [DEBUG] [app] Ending request: urn:request:74debb50-eb8a-40e4-948b-d3f602ec47a5 (/api/v1/organization/quayorg/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:74debb50-eb8a-40e4-948b-d3f602ec47a5', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/members', 'path': '/api/v1/organization/quayorg/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:24,016 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:24,016 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/quayorg/members HTTP/1.0" 200 400 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/quayorg/members HTTP/1.1" 200 400 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.036 1696 0.036) gunicorn-web stdout | 2025-11-04 09:08:24,018 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,018 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,021 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:24,021 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:24,024 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,025 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,028 [249] [DEBUG] [app] Ending request: urn:request:c660252a-7a37-4511-8804-9314fe3e44d9 (/api/v1/organization/quayorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:c660252a-7a37-4511-8804-9314fe3e44d9', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg', 'path': '/api/v1/organization/quayorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:24,028 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:24,028 [248] [DEBUG] [app] Ending request: urn:request:866c21e1-1011-46a0-94d9-851fa2e4adf4 (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:866c21e1-1011-46a0-94d9-851fa2e4adf4', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:24,029 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/quayorg HTTP/1.0" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/quayorg HTTP/1.1" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.049 1688 0.049) gunicorn-web stdout | 2025-11-04 09:08:24,029 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:24,029 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.048 1689 0.048) teamsyncworker stdout | 2025-11-04 09:08:24,088 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:08:24,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:08:24,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:27.142482+00:00 (in 3.001032 seconds) proxycacheblobworker stdout | 2025-11-04 09:08:24,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:34 GMT)" (scheduled at 2025-11-04 09:08:24.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:08:24,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:08:24,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 24, 141789), True, datetime.datetime(2025, 11, 4, 9, 8, 24, 141789), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:08:24,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:08:24,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:08:24,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:34 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:24,312 [249] [DEBUG] [app] Starting request: urn:request:a9b835d9-1f65-46f9-ab5d-51cfaee8907f (/api/v1/organization/superorg/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:24,312 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,312 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,313 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,324 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:24,324 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:24,324 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,325 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,325 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,325 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,325 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,326 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:24,331 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,331 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,331 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,331 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,331 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,331 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,331 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:24,332 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,335 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "teammember" AS "t3" INNER JOIN "team" AS "t1" ON ("t3"."team_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t3"."user_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:24,340 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."namespace_user_id", "t2"."name", "t2"."visibility_id", "t2"."description", "t2"."badge_token", "t2"."kind_id", "t2"."trust_enabled", "t2"."state", "t3"."id", "t3"."uuid", "t3"."username", "t3"."password_hash", "t3"."email", "t3"."verified", "t3"."stripe_id", "t3"."organization", "t3"."robot", "t3"."invoice_email", "t3"."invalid_login_attempts", "t3"."last_invalid_login", "t3"."removed_tag_expiration_s", "t3"."enabled", "t3"."invoice_email_address", "t3"."given_name", "t3"."family_name", "t3"."company", "t3"."location", "t3"."maximum_queued_builds_count", "t3"."creation_date", "t3"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t1"."user_id" = "t3"."id") WHERE (("t2"."namespace_user_id" = %s) AND ("t3"."robot" = %s))', [4, False]) gunicorn-web stdout | 2025-11-04 09:08:24,345 [249] [DEBUG] [app] Ending request: urn:request:a9b835d9-1f65-46f9-ab5d-51cfaee8907f (/api/v1/organization/superorg/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:a9b835d9-1f65-46f9-ab5d-51cfaee8907f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/members', 'path': '/api/v1/organization/superorg/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:24,345 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/superorg/members HTTP/1.1" 200 388 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.034 1697 0.034) gunicorn-web stdout | 2025-11-04 09:08:24,346 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/superorg/members HTTP/1.0" 200 388 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:24,352 [249] [DEBUG] [app] Starting request: urn:request:7f901be2-c2e4-49f3-a5c6-91fdb145fedd (/api/v1/organization/superorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:24,352 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,352 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,353 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,363 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:24,364 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:24,364 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,364 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,364 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,364 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,364 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,365 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:24,370 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,370 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,370 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,370 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,370 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,370 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,370 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:24,370 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,370 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,372 [249] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'superorg+%']) gunicorn-web stdout | 2025-11-04 09:08:24,378 [249] [DEBUG] [app] Ending request: urn:request:7f901be2-c2e4-49f3-a5c6-91fdb145fedd (/api/v1/organization/superorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:7f901be2-c2e4-49f3-a5c6-91fdb145fedd', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/superorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:24,378 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:24,378 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.027 1725 0.027) gunicorn-web stdout | 2025-11-04 09:08:24,386 [249] [DEBUG] [app] Starting request: urn:request:19e32261-d5a1-4c31-a180-242937d49ad5 (/api/v1/organization/quayorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:24,386 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,386 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,387 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,398 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:24,398 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:24,398 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,398 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,398 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,398 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,398 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,399 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:24,404 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,404 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,404 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,405 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,405 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,405 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,405 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:24,405 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,405 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,406 [249] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'quayorg+%']) gunicorn-web stdout | 2025-11-04 09:08:24,411 [249] [DEBUG] [app] Ending request: urn:request:19e32261-d5a1-4c31-a180-242937d49ad5 (/api/v1/organization/quayorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:19e32261-d5a1-4c31-a180-242937d49ad5', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/quayorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:24,411 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:24,412 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/quayorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/organization/quayorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.027 1724 0.027) gunicorn-web stdout | 2025-11-04 09:08:24,447 [249] [DEBUG] [app] Starting request: urn:request:bd235964-869a-459d-a845-829cac0b64d8 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:24,447 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,447 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,447 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,459 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:24,459 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:24,459 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,459 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,459 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,459 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,459 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,459 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:24,460 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,465 [249] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'superorg', 1, 3, 1, 'superorg', 101]) gunicorn-web stdout | 2025-11-04 09:08:24,471 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [9, None, 1762247304470, False]) gunicorn-web stdout | 2025-11-04 09:08:24,475 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:24,479 [246] [DEBUG] [app] Starting request: urn:request:2900e4c9-4642-486c-8125-204d86c2929e (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:24,479 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,479 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,479 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [9]) gunicorn-web stdout | 2025-11-04 09:08:24,480 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,482 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:24,486 [249] [DEBUG] [app] Ending request: urn:request:bd235964-869a-459d-a845-829cac0b64d8 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:bd235964-869a-459d-a845-829cac0b64d8', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=superorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'superorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:24,486 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:24,487 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.0" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.1" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.041 1728 0.041) gunicorn-web stdout | 2025-11-04 09:08:24,491 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:24,491 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:24,491 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,492 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:24,492 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,492 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,492 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:24,492 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:24,493 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:24,497 [246] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'quayorg', 1, 3, 1, 'quayorg', 101]) gunicorn-web stdout | 2025-11-04 09:08:24,503 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s, %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [1, 10, None, 1762247304502, False]) gunicorn-web stdout | 2025-11-04 09:08:24,507 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:24,510 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s, %s))', [1, 10]) gunicorn-web stdout | 2025-11-04 09:08:24,513 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:24,516 [248] [DEBUG] [app] Starting request: urn:request:8e4c62d5-7cdc-4c14-aedc-5d3cbdd0af6b (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:08:24,518 [246] [DEBUG] [app] Ending request: urn:request:2900e4c9-4642-486c-8125-204d86c2929e (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:2900e4c9-4642-486c-8125-204d86c2929e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=quayorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'quayorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:24,518 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:08:24,518 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:24,519 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.0" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.1" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.041 1727 0.041) gunicorn-registry stdout | 2025-11-04 09:08:24,520 [257] [DEBUG] [app] Starting request: urn:request:4e1d824d-2fbb-47ab-8b3e-43e82c51b980 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:08:24,520 [257] [DEBUG] [app] Ending request: urn:request:4e1d824d-2fbb-47ab-8b3e-43e82c51b980 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:4e1d824d-2fbb-47ab-8b3e-43e82c51b980', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:08:24,521 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:08:24,521 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:24,522 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:08:24,523 [246] [DEBUG] [app] Starting request: urn:request:87236152-a8dc-42de-b109-139827bbf9f9 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:08:24,524 [246] [DEBUG] [app] Ending request: urn:request:87236152-a8dc-42de-b109-139827bbf9f9 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:87236152-a8dc-42de-b109-139827bbf9f9', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:08:24,525 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:08:24,525 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:24,525 [248] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:08:24,525 [248] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:08:24,525 [248] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:08:24,531 [248] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:08:24,531 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:08:24,540 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:08:24,543 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:08:24,546 [248] [DEBUG] [app] Ending request: urn:request:8e4c62d5-7cdc-4c14-aedc-5d3cbdd0af6b (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:8e4c62d5-7cdc-4c14-aedc-5d3cbdd0af6b', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:08:24,546 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:24,547 [248] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:08:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.031 118 0.032) gunicorn-web stdout | 2025-11-04 09:08:24,587 [246] [DEBUG] [app] Starting request: urn:request:ccf91ba0-af53-459d-8be2-f33fe43420d0 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:08:24,588 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:08:24,591 [263] [DEBUG] [app] Starting request: urn:request:b6e5bd36-3b84-4920-80aa-34c6ae73b52b (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:08:24,591 [263] [DEBUG] [app] Ending request: urn:request:b6e5bd36-3b84-4920-80aa-34c6ae73b52b (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:b6e5bd36-3b84-4920-80aa-34c6ae73b52b', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:08:24,592 [263] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:08:24,592 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:08:24,593 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:08:24,594 [248] [DEBUG] [app] Starting request: urn:request:89f4debc-1900-4858-8e02-4c6817849913 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:08:24,595 [248] [DEBUG] [app] Ending request: urn:request:89f4debc-1900-4858-8e02-4c6817849913 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:89f4debc-1900-4858-8e02-4c6817849913', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.002) gunicorn-web stdout | 2025-11-04 09:08:24,595 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:08:24,595 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:24,595 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:08:24,596 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:08:24,596 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:08:24,603 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:08:24,603 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:08:24,612 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:08:24,615 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:08:24,618 [246] [DEBUG] [app] Ending request: urn:request:ccf91ba0-af53-459d-8be2-f33fe43420d0 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:ccf91ba0-af53-459d-8be2-f33fe43420d0', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:08:24,618 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:24,618 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:08:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:08:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.031 118 0.031) gunicorn-web stdout | 2025-11-04 09:08:25,453 [246] [DEBUG] [app] Starting request: urn:request:4f551579-a3b9-48aa-914a-f432bfd14122 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:25,453 [249] [DEBUG] [app] Starting request: urn:request:113dbe43-9923-4295-abd0-95cda69f6931 (/api/v1/organization/superorg/quota) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:25,453 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,453 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,453 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,453 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,454 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,455 [248] [DEBUG] [app] Starting request: urn:request:7dae0d4a-6dd2-47b0-8084-beb36b9e1bcb (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:25,455 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,455 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,456 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,456 [247] [DEBUG] [app] Starting request: urn:request:6dfc567c-6cd2-4ddd-9534-02bbc86b5b2b (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:25,456 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,456 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,456 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,457 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,467 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:25,467 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:25,467 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:25,467 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:25,467 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,467 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,467 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,467 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,467 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,467 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,467 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,467 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,467 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,467 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,467 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:25,468 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,468 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:25,469 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:25,469 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,469 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:25,469 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,472 [246] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'superorg', 1, 3, 1, 'superorg', 101]) gunicorn-web stdout | 2025-11-04 09:08:25,472 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:25,472 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:25,472 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,472 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,472 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,472 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,473 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,473 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,474 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,474 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,474 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:25,474 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,474 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,474 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,474 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,475 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:25,475 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,477 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,477 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,477 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,477 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,478 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [9, None, 1762247305477, False]) gunicorn-web stdout | 2025-11-04 09:08:25,478 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:25,479 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:25,479 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,479 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,480 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,480 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,480 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,480 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,481 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:25,481 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:25,482 [249] [DEBUG] [app] Ending request: urn:request:113dbe43-9923-4295-abd0-95cda69f6931 (/api/v1/organization/superorg/quota) {'endpoint': 'api.organizationquotalist', 'request_id': 'urn:request:113dbe43-9923-4295-abd0-95cda69f6931', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/quota', 'path': '/api/v1/organization/superorg/quota', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:25,482 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:25,483 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/quota HTTP/1.0" 200 3 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/quota HTTP/1.1" 200 3 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.031 1719 0.031) gunicorn-web stdout | 2025-11-04 09:08:25,484 [249] [DEBUG] [app] Starting request: urn:request:6582fd8f-8067-4b39-9c86-4b063ffcefba (/api/v1/superuser/organizations/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:25,484 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,484 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,484 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,484 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,484 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,484 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,484 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,484 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,485 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,484 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:25,485 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:25,485 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:08:25,485 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:25,488 [247] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:25,488 [246] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [9]) gunicorn-web stdout | 2025-11-04 09:08:25,489 [248] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:25,491 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:25,491 [247] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:25,493 [248] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:25,494 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,494 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,495 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,495 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,495 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:25,495 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:25,495 [246] [DEBUG] [app] Ending request: urn:request:4f551579-a3b9-48aa-914a-f432bfd14122 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:4f551579-a3b9-48aa-914a-f432bfd14122', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=superorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'superorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:25,495 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,495 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:25,495 [249] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:08:25,495 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,495 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,495 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,495 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,495 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:25,495 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:25,496 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.0" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:25,496 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,496 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,496 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [True, False]) gunicorn-web stdout | 2025-11-04 09:08:25,496 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.1" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.044 1752 0.044) gunicorn-web stdout | 2025-11-04 09:08:25,496 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,497 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:25,497 [246] [DEBUG] [app] Starting request: urn:request:fb90cec6-f623-42ea-97f7-bb11fcdf796a (/api/v1/organization/superorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:25,497 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,497 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,498 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,499 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,500 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:25,501 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,502 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:25,504 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:25,504 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:25,506 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,507 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,508 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,509 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:25,509 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:25,509 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,509 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,509 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,509 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,509 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,509 [247] [DEBUG] [app] Ending request: urn:request:6dfc567c-6cd2-4ddd-9534-02bbc86b5b2b (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:6dfc567c-6cd2-4ddd-9534-02bbc86b5b2b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:25,510 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.056 1713 0.056) gunicorn-web stdout | 2025-11-04 09:08:25,510 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:25,511 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:25,511 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:25,512 [248] [DEBUG] [app] Ending request: urn:request:7dae0d4a-6dd2-47b0-8084-beb36b9e1bcb (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:7dae0d4a-6dd2-47b0-8084-beb36b9e1bcb', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:25,512 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:25,513 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.059 1713 0.059) gunicorn-web stdout | 2025-11-04 09:08:25,514 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,515 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,515 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,515 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,516 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,516 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,516 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,516 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:25,516 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,516 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,516 [246] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'superorg+%']) gunicorn-web stdout | 2025-11-04 09:08:25,517 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,521 [246] [DEBUG] [app] Ending request: urn:request:fb90cec6-f623-42ea-97f7-bb11fcdf796a (/api/v1/organization/superorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:fb90cec6-f623-42ea-97f7-bb11fcdf796a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/superorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:25,522 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:25,522 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:25,522 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.067 1749 0.067) gunicorn-web stdout | 2025-11-04 09:08:25,525 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,528 [249] [DEBUG] [app] Ending request: urn:request:6582fd8f-8067-4b39-9c86-4b063ffcefba (/api/v1/superuser/organizations/) {'endpoint': 'api.superuserorganizationlist', 'request_id': 'urn:request:6582fd8f-8067-4b39-9c86-4b063ffcefba', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/organizations/', 'path': '/api/v1/superuser/organizations/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:25,529 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:25,529 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.0" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.1" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.075 1716 0.075) globalpromstats stdout | 2025-11-04 09:08:25,681 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:25,822 [249] [DEBUG] [app] Starting request: urn:request:088435e5-2b5e-4809-a2f9-a6f3d27a9990 (/api/v1/organization/superorg/applications) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:25,822 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,822 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,823 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,830 [248] [DEBUG] [app] Starting request: urn:request:fb308e18-47ed-4ab3-8975-a3faa2dde960 (/api/v1/organization/superorg/logs) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:25,830 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,830 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,831 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,834 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:25,834 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:25,834 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,835 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,835 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,835 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,835 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,836 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:25,841 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,841 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,841 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,841 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,841 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,841 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,841 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:25,842 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,842 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:25,842 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:25,842 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,843 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,843 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,843 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,843 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,843 [246] [DEBUG] [app] Starting request: urn:request:3b8d5b29-6cf8-41dd-b086-736a69f2c05b (/api/v1/organization/superorg/aggregatelogs) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:25,843 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,844 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,844 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,844 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:25,846 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."client_id", "t1"."secure_client_secret", "t1"."fully_migrated", "t1"."redirect_uri", "t1"."application_uri", "t1"."organization_id", "t1"."name", "t1"."description", "t1"."gravatar_email" FROM "oauthapplication" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:25,849 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,849 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,849 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,849 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,849 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,849 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,849 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:25,850 [249] [DEBUG] [app] Ending request: urn:request:088435e5-2b5e-4809-a2f9-a6f3d27a9990 (/api/v1/organization/superorg/applications) {'endpoint': 'api.organizationapplications', 'request_id': 'urn:request:088435e5-2b5e-4809-a2f9-a6f3d27a9990', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/applications', 'path': '/api/v1/organization/superorg/applications', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:25,850 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:25,850 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/applications HTTP/1.0" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/applications HTTP/1.1" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.029 1726 0.029) gunicorn-web stdout | 2025-11-04 09:08:25,851 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,855 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."kind_id", "t1"."account_id", "t1"."performer_id", "t1"."repository_id", "t1"."datetime", "t1"."ip", "t1"."metadata_json", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "logentry3" AS "t1" LEFT OUTER JOIN "user" AS "t2" ON ("t2"."id" = "t1"."performer_id") WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) ORDER BY "t1"."datetime" DESC LIMIT %s', [datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 4, 21]) gunicorn-web stdout | 2025-11-04 09:08:25,856 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:25,856 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:25,856 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,856 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:25,856 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,856 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,856 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,858 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:25,859 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "logentrykind" AS "t1"', []) gunicorn-web stdout | 2025-11-04 09:08:25,862 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,862 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,862 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,862 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,862 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,862 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:25,862 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:25,864 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,866 [248] [DEBUG] [app] Ending request: urn:request:fb308e18-47ed-4ab3-8975-a3faa2dde960 (/api/v1/organization/superorg/logs) {'endpoint': 'api.orglogs', 'request_id': 'urn:request:fb308e18-47ed-4ab3-8975-a3faa2dde960', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/logs?starttime=10/05/2025&endtime=11/04/2025&next_page=', 'path': '/api/v1/organization/superorg/logs', 'parameters': {'starttime': '10/05/2025', 'endtime': '11/04/2025', 'next_page': ''}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:25,867 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/logs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025&next_page= HTTP/1.1" 200 4965 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.038 1777 0.038) gunicorn-web stdout | 2025-11-04 09:08:25,867 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/logs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025&next_page= HTTP/1.0" 200 4965 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:25,868 [246] [DEBUG] [peewee] ('SELECT "t1"."kind_id", EXTRACT(%s FROM "t1"."datetime") AS "day", Count("t1"."id") AS "count" FROM "logentry3" AS "t1" WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) GROUP BY EXTRACT(%s FROM "t1"."datetime"), "t1"."kind_id"', ['day', datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 4, 'day']) gunicorn-web stdout | 2025-11-04 09:08:25,872 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,876 [246] [DEBUG] [peewee] ('SELECT "t1"."kind_id", EXTRACT(%s FROM "t1"."datetime") AS "day", Count("t1"."id") AS "count" FROM "logentry2" AS "t1" WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) GROUP BY EXTRACT(%s FROM "t1"."datetime"), "t1"."kind_id"', ['day', datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 4, 'day']) gunicorn-web stdout | 2025-11-04 09:08:25,879 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:25,882 [246] [DEBUG] [peewee] ('SELECT "t1"."kind_id", EXTRACT(%s FROM "t1"."datetime") AS "day", Count("t1"."id") AS "count" FROM "logentry" AS "t1" WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) GROUP BY EXTRACT(%s FROM "t1"."datetime"), "t1"."kind_id"', ['day', datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 4, 'day']) gunicorn-web stdout | 2025-11-04 09:08:25,886 [246] [DEBUG] [app] Ending request: urn:request:3b8d5b29-6cf8-41dd-b086-736a69f2c05b (/api/v1/organization/superorg/aggregatelogs) {'endpoint': 'api.orgaggregatelogs', 'request_id': 'urn:request:3b8d5b29-6cf8-41dd-b086-736a69f2c05b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/aggregatelogs?starttime=10/05/2025&endtime=11/04/2025', 'path': '/api/v1/organization/superorg/aggregatelogs', 'parameters': {'starttime': '10/05/2025', 'endtime': '11/04/2025'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:25,887 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/aggregatelogs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025 HTTP/1.1" 200 359 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.045 1775 0.045) gunicorn-web stdout | 2025-11-04 09:08:25,887 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:25 +0000] "GET /api/v1/organization/superorg/aggregatelogs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025 HTTP/1.0" 200 359 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" quotaregistrysizeworker stdout | 2025-11-04 09:08:25,898 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:08:25,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:08:25,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:34.952363+00:00 (in 8.995325 seconds) gcworker stdout | 2025-11-04 09:08:25,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:55 GMT)" (scheduled at 2025-11-04 09:08:25.956600+00:00) gcworker stdout | 2025-11-04 09:08:25,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:08:25,968 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762247005968, None, 1, 0]) gcworker stdout | 2025-11-04 09:08:25,972 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:08:25,972 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:08:55 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:08:26,206 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:26,219 [248] [DEBUG] [app] Starting request: urn:request:dfea4844-6dbf-4728-ab5c-a1e9083e9650 (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:26,219 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,219 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,219 [247] [DEBUG] [app] Starting request: urn:request:5bba9b9d-6334-4ca0-8862-066f5678280b (/api/v1/organization/superorg/prototypes) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:26,219 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,219 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,220 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:26,220 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:26,232 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:26,232 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:26,232 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,232 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,232 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,232 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,232 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,233 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:26,233 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:26,233 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,234 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:26,234 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:26,238 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,238 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,238 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,238 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,239 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,239 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,239 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,239 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,239 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,239 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,239 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:26,240 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:26,240 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:26,244 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."org_id", "t1"."uuid", "t1"."activating_user_id", "t1"."delegate_user_id", "t1"."delegate_team_id", "t1"."role_id" FROM "permissionprototype" AS "t1" LEFT OUTER JOIN "user" AS "t2" ON ("t2"."id" = "t1"."activating_user_id") LEFT OUTER JOIN "user" AS "t3" ON ("t3"."id" = "t1"."delegate_user_id") LEFT OUTER JOIN "team" AS "t4" ON ("t4"."id" = "t1"."delegate_team_id") LEFT OUTER JOIN "role" AS "t5" ON ("t5"."id" = "t1"."role_id") WHERE ("t1"."org_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:26,245 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,245 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,245 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,245 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,246 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,246 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,246 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:26,247 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:26,247 [247] [DEBUG] [app] Ending request: urn:request:5bba9b9d-6334-4ca0-8862-066f5678280b (/api/v1/organization/superorg/prototypes) {'endpoint': 'api.permissionprototypelist', 'request_id': 'urn:request:5bba9b9d-6334-4ca0-8862-066f5678280b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/prototypes', 'path': '/api/v1/organization/superorg/prototypes', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:26,248 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:26 +0000] "GET /api/v1/organization/superorg/prototypes HTTP/1.1" 200 19 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.030 1724 0.030) gunicorn-web stdout | 2025-11-04 09:08:26,248 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:26 +0000] "GET /api/v1/organization/superorg/prototypes HTTP/1.0" 200 19 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:26,250 [248] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:26,254 [248] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:26,256 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,256 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,257 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,257 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,257 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:26,261 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:26,265 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:26,268 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:26,271 [248] [DEBUG] [app] Ending request: urn:request:dfea4844-6dbf-4728-ab5c-a1e9083e9650 (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:dfea4844-6dbf-4728-ab5c-a1e9083e9650', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:26,272 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:26,272 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:26 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:26 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1713 0.055) gunicorn-web stdout | 2025-11-04 09:08:26,300 [246] [DEBUG] [app] Starting request: urn:request:953ff5b1-2c73-49e4-bfad-bdcc250332f7 (/api/v1/superuser/users/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:26,301 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,301 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,301 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:26,313 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:26,313 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:26,313 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,313 [246] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:08:26,313 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:26,313 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,313 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,313 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:26,313 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:26,314 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [False, False]) gunicorn-web stdout | 2025-11-04 09:08:26,318 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:26,323 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:26,326 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:26,329 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:26,332 [246] [DEBUG] [app] Ending request: urn:request:953ff5b1-2c73-49e4-bfad-bdcc250332f7 (/api/v1/superuser/users/) {'endpoint': 'api.superuserlist', 'request_id': 'urn:request:953ff5b1-2c73-49e4-bfad-bdcc250332f7', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/users/', 'path': '/api/v1/superuser/users/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:26,332 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:26,333 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:26 +0000] "GET /api/v1/superuser/users/ HTTP/1.0" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:26 +0000] "GET /api/v1/superuser/users/ HTTP/1.1" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/superorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.034 1708 0.033) proxycacheblobworker stdout | 2025-11-04 09:08:26,907 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:08:27,064 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:08:27,064 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:51.065407+00:00 (in 24.001021 seconds) repositorygcworker stdout | 2025-11-04 09:08:27,064 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:27 GMT)" (scheduled at 2025-11-04 09:08:27.063966+00:00) repositorygcworker stdout | 2025-11-04 09:08:27,064 [86] [DEBUG] [workers.queueworker] Getting work item from queue. repositorygcworker stdout | 2025-11-04 09:08:27,065 [86] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 27, 64715), True, datetime.datetime(2025, 11, 4, 9, 8, 27, 64715), 0, 'repositorygc/%', 50, 1, 0]) repositorygcworker stdout | 2025-11-04 09:08:27,077 [86] [DEBUG] [workers.queueworker] No more work. repositorygcworker stdout | 2025-11-04 09:08:27,077 [86] [DEBUG] [data.database] Disconnecting from database. repositorygcworker stdout | 2025-11-04 09:08:27,077 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:27 GMT)" executed successfully proxycacheblobworker stdout | 2025-11-04 09:08:27,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:08:27,142 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:34.140529+00:00 (in 6.997615 seconds) proxycacheblobworker stdout | 2025-11-04 09:08:27,143 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:27 GMT)" (scheduled at 2025-11-04 09:08:27.142482+00:00) proxycacheblobworker stdout | 2025-11-04 09:08:27,143 [79] [DEBUG] [workers.queueworker] Running watchdog. proxycacheblobworker stdout | 2025-11-04 09:08:27,143 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:27 GMT)" executed successfully queuecleanupworker stdout | 2025-11-04 09:08:27,399 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:08:27,597 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:08:27,746 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:08:27,746 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:10.743793+00:00 (in 42.997535 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:08:27,746 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:27 GMT)" (scheduled at 2025-11-04 09:08:27.745810+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:08:27,746 [87] [DEBUG] [workers.queueworker] Running watchdog. securityscanningnotificationworker stdout | 2025-11-04 09:08:27,746 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:27 GMT)" executed successfully blobuploadcleanupworker stdout | 2025-11-04 09:08:27,799 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:08:28,340 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:08:28,340 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:16.343350+00:00 (in 48.002495 seconds) exportactionlogsworker stdout | 2025-11-04 09:08:28,341 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:28 GMT)" (scheduled at 2025-11-04 09:08:28.340417+00:00) exportactionlogsworker stdout | 2025-11-04 09:08:28,341 [66] [DEBUG] [workers.queueworker] Getting work item from queue. exportactionlogsworker stdout | 2025-11-04 09:08:28,341 [66] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 28, 341240), True, datetime.datetime(2025, 11, 4, 9, 8, 28, 341240), 0, 'exportactionlogs/%', 50, 1, 0]) exportactionlogsworker stdout | 2025-11-04 09:08:28,353 [66] [DEBUG] [workers.queueworker] No more work. exportactionlogsworker stdout | 2025-11-04 09:08:28,353 [66] [DEBUG] [data.database] Disconnecting from database. exportactionlogsworker stdout | 2025-11-04 09:08:28,353 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:28 GMT)" executed successfully expiredappspecifictokenworker stdout | 2025-11-04 09:08:28,480 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:28,756 [247] [DEBUG] [app] Starting request: urn:request:48fc2277-5104-4c4d-a59e-8fcbe26b0533 (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:28,756 [249] [DEBUG] [app] Starting request: urn:request:c803aee1-39bd-4cad-81ed-88449e91f167 (/api/v1/repository/superorg/repo1) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:28,756 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,756 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,756 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,757 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,757 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:28,757 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:28,768 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:28,768 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:28,768 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,769 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:28,769 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,769 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,769 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,769 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,770 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:28,770 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:28,770 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,770 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:28,771 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:28,774 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,774 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,774 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,774 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,775 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,775 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:28,776 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:28,781 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,781 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,781 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,781 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,781 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,781 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:28,781 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:28,782 [249] [DEBUG] [endpoints.api.repository] Get repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:28,782 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:28,782 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:28,785 [247] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:28,786 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."repository_id", "t1"."created" FROM "star" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."user_id" = %s)) LIMIT %s OFFSET %s', [9, 1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:28,788 [247] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:28,790 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."count", "t1"."date" FROM "repositoryactioncount" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."date" >= %s))', [9, datetime.date(2025, 8, 4)]) gunicorn-web stdout | 2025-11-04 09:08:28,791 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,792 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,792 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,792 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,792 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:28,793 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,793 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:28,794 [249] [DEBUG] [app] Ending request: urn:request:c803aee1-39bd-4cad-81ed-88449e91f167 (/api/v1/repository/superorg/repo1) {'endpoint': 'api.repository', 'request_id': 'urn:request:c803aee1-39bd-4cad-81ed-88449e91f167', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1?includeStats=true&includeTags=false', 'path': '/api/v1/repository/superorg/repo1', 'parameters': {'includeStats': 'true', 'includeTags': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:28,794 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:28,795 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:28 +0000] "GET /api/v1/repository/superorg/repo1?includeStats=true&includeTags=false HTTP/1.0" 200 3588 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:28 +0000] "GET /api/v1/repository/superorg/repo1?includeStats=true&includeTags=false HTTP/1.1" 200 3588 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.040 1757 0.040) gunicorn-web stdout | 2025-11-04 09:08:28,795 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:28,799 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:28,802 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:28,806 [247] [DEBUG] [app] Ending request: urn:request:48fc2277-5104-4c4d-a59e-8fcbe26b0533 (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:48fc2277-5104-4c4d-a59e-8fcbe26b0533', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:28,806 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:28 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1717 0.052) gunicorn-web stdout | 2025-11-04 09:08:28,807 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:28 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" notificationworker stdout | 2025-11-04 09:08:29,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:08:29,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:29.157944+00:00 (in 0.001157 seconds) notificationworker stdout | 2025-11-04 09:08:29,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:39 GMT)" (scheduled at 2025-11-04 09:08:29.156372+00:00) notificationworker stdout | 2025-11-04 09:08:29,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:08:29,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 29, 157148), True, datetime.datetime(2025, 11, 4, 9, 8, 29, 157148), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:08:29,158 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:08:29,158 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:39.156372+00:00 (in 9.998129 seconds) notificationworker stdout | 2025-11-04 09:08:29,158 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:29 GMT)" (scheduled at 2025-11-04 09:08:29.157944+00:00) notificationworker stdout | 2025-11-04 09:08:29,159 [78] [DEBUG] [workers.queueworker] Running watchdog. notificationworker stdout | 2025-11-04 09:08:29,159 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:29 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:08:29,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:08:29,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:08:29,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:39 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:08:29,395 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:08:29,604 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:30,116 [247] [DEBUG] [app] Starting request: urn:request:044bcbc5-73c9-4b18-b671-2b726e1c866b (/api/v1/repository/superorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,116 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,116 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,117 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,129 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,129 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,129 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,129 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,129 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,129 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,129 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,129 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,131 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,138 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,139 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,145 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,150 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,153 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,156 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,160 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE ((("t1"."repository_id" = %s) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [9, None, 1762247310160, False, 101, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,166 [247] [DEBUG] [app] Ending request: urn:request:044bcbc5-73c9-4b18-b671-2b726e1c866b (/api/v1/repository/superorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:044bcbc5-73c9-4b18-b671-2b726e1c866b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true', 'path': '/api/v1/repository/superorg/repo1/tag/', 'parameters': {'limit': '100', 'page': '1', 'onlyActiveTags': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:30,167 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:30,167 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:30 +0000] "GET /api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.0" 200 295 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:30 +0000] "GET /api/v1/repository/superorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.1" 200 295 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1772 0.052) gunicorn-web stdout | 2025-11-04 09:08:30,502 [248] [DEBUG] [app] Starting request: urn:request:d9b1e452-1232-4233-afeb-1a4b1ff54257 (/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,503 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,503 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,504 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,517 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,517 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,517 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,518 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,518 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,518 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,518 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,518 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,519 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,524 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,526 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,531 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,536 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,540 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,544 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,548 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', None, 1762247310547, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,553 [248] [DEBUG] [app] Ending request: urn:request:d9b1e452-1232-4233-afeb-1a4b1ff54257 (/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:d9b1e452-1232-4233-afeb-1a4b1ff54257', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83', 'parameters': {'include_modelcard': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:30,553 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:30,554 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:30 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true HTTP/1.0" 200 2735 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:30 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83?include_modelcard=true HTTP/1.1" 200 2735 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.053 1819 0.053) repositorygcworker stdout | 2025-11-04 09:08:30,613 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:08:30,698 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:30,910 [246] [DEBUG] [app] Starting request: urn:request:60b3b7b9-3f8c-40eb-81b4-022e2c52f016 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,911 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,911 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,911 [248] [DEBUG] [app] Starting request: urn:request:461ce6a8-d383-4ea7-b371-fc5613c75050 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,911 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,911 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,911 [247] [DEBUG] [app] Starting request: urn:request:08daee57-5c42-4a6a-8be1-f62d792488ea (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,912 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,912 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,912 [249] [DEBUG] [app] Starting request: urn:request:a3983608-68a7-4fae-a1bd-ca71485cff8b (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,912 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,912 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,912 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,912 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,913 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,913 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,924 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,924 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,924 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,924 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,924 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,924 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,924 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,924 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,925 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,925 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,925 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,925 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,925 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,925 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,925 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,925 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,925 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,925 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,925 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,925 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,925 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,925 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,925 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,925 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,925 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,925 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,925 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,926 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,926 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,926 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,926 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,926 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,926 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,927 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,927 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,927 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,931 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,932 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,932 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,932 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,932 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,933 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,933 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,934 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,937 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,939 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,940 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,940 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,942 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,944 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,945 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,945 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,945 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,948 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,948 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,949 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,949 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,951 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,952 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,952 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,952 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', None, 1762247310951, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,955 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', None, 1762247310954, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,956 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,956 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,957 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', None, 1762247310957, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,959 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', None, 1762247310959, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,960 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [32, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,960 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [31, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,962 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [31, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,963 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 gunicorn-web stdout | 2025-11-04 09:08:30,963 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52: {'manifest_hash': 'sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:30,964 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d gunicorn-web stdout | 2025-11-04 09:08:30,964 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d: {'manifest_hash': 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:30,964 [246] [DEBUG] [app] Ending request: urn:request:60b3b7b9-3f8c-40eb-81b4-022e2c52f016 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:60b3b7b9-3f8c-40eb-81b4-022e2c52f016', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:30,964 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [34, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,964 [247] [DEBUG] [app] Ending request: urn:request:08daee57-5c42-4a6a-8be1-f62d792488ea (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:08daee57-5c42-4a6a-8be1-f62d792488ea', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:30,965 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:30,965 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:30,965 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:30 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:30,965 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:30 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:30 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.056 1826 0.056) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:30 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1826 0.055) gunicorn-web stdout | 2025-11-04 09:08:30,967 [247] [DEBUG] [app] Starting request: urn:request:92e673c0-bd39-45da-ac9e-90d8997ffeba (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,967 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,967 [246] [DEBUG] [app] Starting request: urn:request:fd9fc3a8-6191-4382-beff-e25d3dfa684f (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,967 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,967 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,967 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,967 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,968 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,968 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,968 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,971 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['a6a852be-a247-44ea-b069-5dde2d0c82f9']) gunicorn-web stdout | 2025-11-04 09:08:30,972 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['9b405135-d988-4a2c-a7c6-d499c1eecff2']) gunicorn-web stdout | 2025-11-04 09:08:30,975 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:30,976 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:30,976 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:30,976 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8'} gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,977 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,978 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090830Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090830Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | ccb4908528e13a19d53838ce65a03ceae24ae2fc2d4d9d6ef38812e5f1db552d gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | e6c5e8ea24083257593aaca95eb911ea30bf97e7c85646ef31808ddf5af13893 gunicorn-web stdout | 2025-11-04 09:08:30,978 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68'} gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,978 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:30,978 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,978 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090830Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=e6c5e8ea24083257593aaca95eb911ea30bf97e7c85646ef31808ddf5af13893', 'amz-sdk-invocation-id': b'4840d10d-0d4f-40e0-9b8c-a0fceb18498d', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:30,978 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,978 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,978 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,978 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:30,978 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,978 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:30,979 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,979 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:30,979 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,979 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,979 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,979 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,979 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,979 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,979 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,979 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,980 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,980 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,980 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,980 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,980 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,980 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,980 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,980 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,980 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:30,980 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090830Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:30,980 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090830Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | dcd9c2f9a8bd69829689948ce3c9e211aa630a9b39be58933ecbfbbe2c90ae9f gunicorn-web stdout | 2025-11-04 09:08:30,980 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,980 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 188f1fd1f65e6481dfbf85ecfe87024cf568575676445bd1ef2870a8a501957b gunicorn-web stdout | 2025-11-04 09:08:30,980 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:30,980 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:30,981 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:30,981 [248] [DEBUG] [app] Starting request: urn:request:ee482063-7fc3-424a-8908-d141176b4d44 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,981 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090830Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=188f1fd1f65e6481dfbf85ecfe87024cf568575676445bd1ef2870a8a501957b', 'amz-sdk-invocation-id': b'e5d69766-f9b7-41b4-9894-4865a9c12eae', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:30,981 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,981 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,981 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:30,981 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,982 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,982 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:30,983 [249] [DEBUG] [app] Starting request: urn:request:759d8323-0565-4843-8b24-981a03d007fb (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:30,983 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,983 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,984 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,985 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,986 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,988 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,989 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,993 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,993 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,993 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,993 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,993 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,993 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,993 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,993 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,993 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,994 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,995 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:30,995 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:30,996 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,996 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:30,996 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:30,996 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,996 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,996 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:30,996 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:30,997 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:30,998 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,000 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,001 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,001 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,001 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,002 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,004 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,004 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,005 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,007 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,008 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,008 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', None, 1762247311008, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,010 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,012 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,012 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', None, 1762247311011, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,013 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', None, 1762247311013, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,015 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,015 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,017 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [33, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,017 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', None, 1762247311017, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,018 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,018 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,021 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [32, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,021 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,022 [247] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,022 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,025 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [33, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,025 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,026 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,026 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['dd459018-ad0e-4277-a622-172fa8f36752']) gunicorn-web stdout | 2025-11-04 09:08:31,028 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 gunicorn-web stdout | 2025-11-04 09:08:31,029 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992: {'manifest_hash': 'sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:31,029 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['1d044cf7-21b0-4166-b66f-36cd96ea0b64']) gunicorn-web stdout | 2025-11-04 09:08:31,029 [248] [DEBUG] [app] Ending request: urn:request:ee482063-7fc3-424a-8908-d141176b4d44 (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:ee482063-7fc3-424a-8908-d141176b4d44', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,029 [247] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:31,030 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [35, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,030 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.120 1826 0.120) gunicorn-web stdout | 2025-11-04 09:08:31,031 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:31,031 [247] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:31,031 [247] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333'} gunicorn-web stdout | 2025-11-04 09:08:31,031 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,031 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,031 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,031 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,031 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,031 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,031 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,032 [248] [DEBUG] [app] Starting request: urn:request:0e95869e-6b36-4248-9c23-ddb8e6c4e77a (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:31,032 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,032 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,032 [247] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,032 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:31,033 [247] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:31,033 [247] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090831Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:31,033 [247] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090831Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 3fe421d0b60c0cad4c584fa416963e6e63f7024c295e212f548a735f24c5c266 gunicorn-web stdout | 2025-11-04 09:08:31,033 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a gunicorn-web stdout | 2025-11-04 09:08:31,033 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,033 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a: {'manifest_hash': 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:31,033 [247] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 0ca6fafa070c1bf7294abcf89846cd8110ae9ad6e34a46e397d50cec92744f11 gunicorn-web stdout | 2025-11-04 09:08:31,033 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,033 [247] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:31,034 [247] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,034 [247] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090831Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=0ca6fafa070c1bf7294abcf89846cd8110ae9ad6e34a46e397d50cec92744f11', 'amz-sdk-invocation-id': b'be5a6eec-bbc5-4901-a979-648833b405ff', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:31,034 [249] [DEBUG] [app] Ending request: urn:request:759d8323-0565-4843-8b24-981a03d007fb (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:759d8323-0565-4843-8b24-981a03d007fb', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936'} gunicorn-web stdout | 2025-11-04 09:08:31,034 [247] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:31,034 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,034 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:31,034 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:31,035 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,035 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.125 1826 0.125) gunicorn-web stdout | 2025-11-04 09:08:31,036 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:31,036 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090831Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:31,036 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090831Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 579f4c13baa425975a38e7b547a3e6b035678597d3328da44cbba7671d4cc2eb gunicorn-web stdout | 2025-11-04 09:08:31,036 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 432b0112d17676a3f7abe0093624d0b003ec756b85e35026fb50a23dedfa45a8 gunicorn-web stdout | 2025-11-04 09:08:31,036 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,036 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:31,036 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,036 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090831Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=432b0112d17676a3f7abe0093624d0b003ec756b85e35026fb50a23dedfa45a8', 'amz-sdk-invocation-id': b'd1bf860a-d557-4459-a23a-f088e612569b', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:31,036 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:31,037 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:31,045 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,045 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,045 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,046 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,046 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,046 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,046 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,046 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,048 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,054 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,055 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,062 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,068 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,072 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,076 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,080 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,084 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [34, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,087 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc gunicorn-web stdout | 2025-11-04 09:08:31,115 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e9/e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936 HTTP/1.1" 200 1470 gunicorn-web stdout | 2025-11-04 09:08:31,116 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjroo-45x5m0-t7q', 'x-amz-id-2': 'mhkcjroo-45x5m0-t7q', 'ETag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:05 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1470', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,116 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,116 [247] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/ef/efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333 HTTP/1.1" 200 1469 gunicorn-web stdout | 2025-11-04 09:08:31,116 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,117 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,117 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,117 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,117 [247] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjrom-44qwgn-dmt', 'x-amz-id-2': 'mhkcjrom-44qwgn-dmt', 'ETag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:07 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1469', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,117 [247] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,117 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjroo-45x5m0-t7q', 'HostId': 'mhkcjroo-45x5m0-t7q', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjroo-45x5m0-t7q', 'x-amz-id-2': 'mhkcjroo-45x5m0-t7q', 'etag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:05 GMT', 'content-type': 'application/octet-stream', 'content-length': '1470', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 5, tzinfo=tzutc()), 'ContentLength': 1470, 'ETag': '"82c7b3c39906f6285f5f7895dea9b5ed-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,117 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2c/2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68 HTTP/1.1" 200 1470 gunicorn-web stdout | 2025-11-04 09:08:31,117 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjroh-41ktr6-11ga', 'x-amz-id-2': 'mhkcjroh-41ktr6-11ga', 'ETag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:10 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1470', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,118 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc: {'manifest_hash': 'sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:31,118 [248] [DEBUG] [app] Ending request: urn:request:0e95869e-6b36-4248-9c23-ddb8e6c4e77a (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:0e95869e-6b36-4248-9c23-ddb8e6c4e77a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,118 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,117 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,129 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,129 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,129 [247] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,129 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,129 [247] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,129 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:31,129 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,129 [247] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjrom-44qwgn-dmt', 'HostId': 'mhkcjrom-44qwgn-dmt', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjrom-44qwgn-dmt', 'x-amz-id-2': 'mhkcjrom-44qwgn-dmt', 'etag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:07 GMT', 'content-type': 'application/octet-stream', 'content-length': '1469', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 7, tzinfo=tzutc()), 'ContentLength': 1469, 'ETag': '"a25a57a2e23b11fc83b588e0b8a9e6f9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,129 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,130 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,130 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.219 1826 0.219) gunicorn-web stdout | 2025-11-04 09:08:31,130 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjroh-41ktr6-11ga', 'HostId': 'mhkcjroh-41ktr6-11ga', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjroh-41ktr6-11ga', 'x-amz-id-2': 'mhkcjroh-41ktr6-11ga', 'etag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:10 GMT', 'content-type': 'application/octet-stream', 'content-length': '1470', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 10, tzinfo=tzutc()), 'ContentLength': 1470, 'ETag': '"73f0b185c4518fa35524636fd985e7bd-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,130 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:e97d22a1639feff720b2422f647c6bbae38feb839180da7eeceae3927d1cc936', 1, 9, 'sha256:94b622d2880b7640fe5cf6da80a87db008e0529da67218311bc90f0fb1205091', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,132 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,132 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,135 [246] [DEBUG] [app] Ending request: urn:request:fd9fc3a8-6191-4382-beff-e25d3dfa684f (/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:fd9fc3a8-6191-4382-beff-e25d3dfa684f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,135 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:2c4cda7768082183e326ca088cc46799b272b19c4636f03ea9c3548b7418ab68', 1, 9, 'sha256:7ceae7886eafad2b1357f06c9477a2d217e23c9d62c8d217b5d0ed7447e76a6a', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,135 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,136 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:897ee244eb86a38fa6f7d21e6a9e22aae41f105c574fc47b2c77cff8be98e29d HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.226 1796 0.226) gunicorn-web stdout | 2025-11-04 09:08:31,136 [247] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:efe68d0e669c8a0edb6d90769bfa076a22dd394ee5498efdcd9126e3a28fa333', 1, 9, 'sha256:7bc0df393b289d450de141fd2c095776adb8cb79f976c1dacb787c9fc9a4d201', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,141 [249] [DEBUG] [app] Ending request: urn:request:a3983608-68a7-4fae-a1bd-ca71485cff8b (/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:a3983608-68a7-4fae-a1bd-ca71485cff8b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,141 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,141 [247] [DEBUG] [app] Ending request: urn:request:92e673c0-bd39-45da-ac9e-90d8997ffeba (/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:92e673c0-bd39-45da-ac9e-90d8997ffeba', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.231 1796 0.231) gunicorn-web stdout | 2025-11-04 09:08:31,141 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:c940f8509c36033b11bd7468bf9d9cb60b51f4be13033cfe70e86581944d66cc HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:31,142 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.233 1796 0.233) gunicorn-web stdout | 2025-11-04 09:08:31,143 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:da1b5115bf7e41d123977962115034c67d019ef63fc0c3b9ddfdea3b6f9f9992 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:31,143 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/62/62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8 HTTP/1.1" 200 1457 gunicorn-web stdout | 2025-11-04 09:08:31,143 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjrq3-50czqj-hcj', 'x-amz-id-2': 'mhkcjrq3-50czqj-hcj', 'ETag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:03 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1457', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,143 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,144 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,144 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,144 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,144 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,144 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjrq3-50czqj-hcj', 'HostId': 'mhkcjrq3-50czqj-hcj', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjrq3-50czqj-hcj', 'x-amz-id-2': 'mhkcjrq3-50czqj-hcj', 'etag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:03 GMT', 'content-type': 'application/octet-stream', 'content-length': '1457', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 3, tzinfo=tzutc()), 'ContentLength': 1457, 'ETag': '"5334a6fe4f05f92b3b3216924c57c7a8-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,145 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,150 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:19d511225f94f9b5cbf3836eb02b5273c01b95da50735742560e3e45b8c8bfcc', 1, 9, 'sha256:62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,155 [248] [DEBUG] [app] Ending request: urn:request:461ce6a8-d383-4ea7-b371-fc5613c75050 (/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:461ce6a8-d383-4ea7-b371-fc5613c75050', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,155 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,156 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:dcdf379c574e1773d703f0c0d56d67594e7a91d6b84d11ff46799f60fb081c52 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.246 1796 0.246) gunicorn-web stdout | 2025-11-04 09:08:31,374 [246] [DEBUG] [app] Starting request: urn:request:89fcc815-4a86-49e0-83dd-8a443e12c07b (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,374 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,374 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,374 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,386 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,386 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,386 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,386 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,386 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,386 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,386 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,386 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,387 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,392 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,393 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,399 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,404 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,407 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,410 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,414 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', None, 1762247311414, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,419 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', None, 1762247311418, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,423 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [35, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,428 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,431 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d82d7341-fba3-4ba1-be5d-73f5c5a06d4d']) gunicorn-web stdout | 2025-11-04 09:08:31,434 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:31,435 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'} gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:31,436 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090831Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090831Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 51416f3d3de403e3c261a71d8319a2a2d6734e780c89558416a29b5ba89a3c1a gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | be44ef3e1ccb51ecacfc3c39e25c8ea50e94d2a7aa336b1eb4ef47967a9b348c gunicorn-web stdout | 2025-11-04 09:08:31,437 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,438 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:31,438 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,438 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090831Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=be44ef3e1ccb51ecacfc3c39e25c8ea50e94d2a7aa336b1eb4ef47967a9b348c', 'amz-sdk-invocation-id': b'c50db4c4-a162-41c7-b78c-11e3ac5c94ba', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:31,438 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:31,450 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/3c/3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6 HTTP/1.1" 200 1472 gunicorn-web stdout | 2025-11-04 09:08:31,450 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjryn-a3ahji-zsa', 'x-amz-id-2': 'mhkcjryn-a3ahji-zsa', 'ETag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:12 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1472', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,450 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,451 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,451 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,451 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,451 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,451 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjryn-a3ahji-zsa', 'HostId': 'mhkcjryn-a3ahji-zsa', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjryn-a3ahji-zsa', 'x-amz-id-2': 'mhkcjryn-a3ahji-zsa', 'etag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:12 GMT', 'content-type': 'application/octet-stream', 'content-length': '1472', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 12, tzinfo=tzutc()), 'ContentLength': 1472, 'ETag': '"4b816b138a200cdf7a3a6af0af9d6154-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,452 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,456 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6', 1, 9, 'sha256:87379020f3b6731a4b64976e614d305f5c121d153c049d14ba600ff24bbac012', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,460 [246] [DEBUG] [app] Ending request: urn:request:89fcc815-4a86-49e0-83dd-8a443e12c07b (/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:89fcc815-4a86-49e0-83dd-8a443e12c07b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,461 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,461 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.089 1796 0.089) gunicorn-web stdout | 2025-11-04 09:08:31,464 [246] [DEBUG] [app] Starting request: urn:request:b2c46d8a-2424-416a-8b90-4f4f6a6c51dc (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,464 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,464 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,465 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-secscan stdout | 2025-11-04 09:08:31,466 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:08:31,470 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:08:31,470 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:31,472 [249] [DEBUG] [app] Starting request: urn:request:79f29dce-4204-4267-92e1-f9d20f34750a (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,473 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,473 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,473 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,476 [247] [DEBUG] [app] Starting request: urn:request:3f10ff9a-f352-4778-9466-9f46c66bdea0 (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,476 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,476 [248] [DEBUG] [app] Starting request: urn:request:59cfcbf4-5c01-427f-996f-4477fedfd97b (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,476 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,476 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,476 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,477 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,477 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,477 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,477 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,477 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,477 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,477 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,477 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,477 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,478 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,479 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,484 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,485 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,485 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,485 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,485 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,485 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,485 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,485 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,486 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,486 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,487 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,488 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,488 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,488 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,488 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,488 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,488 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,488 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,488 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,488 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,488 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,488 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,489 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,489 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,489 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,489 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,489 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,489 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,491 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,491 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,492 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,494 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,495 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,496 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,496 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,496 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,497 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,500 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,500 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,502 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,503 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,503 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,504 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,507 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,507 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,508 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,508 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,510 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,511 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,511 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [36, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,512 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,513 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,515 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', None, 1762247311514, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,515 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 gunicorn-web stdout | 2025-11-04 09:08:31,515 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933: {'manifest_hash': 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:31,515 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,515 [246] [DEBUG] [app] Ending request: urn:request:b2c46d8a-2424-416a-8b90-4f4f6a6c51dc (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:b2c46d8a-2424-416a-8b90-4f4f6a6c51dc', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,516 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,516 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.053 1826 0.053) gunicorn-web stdout | 2025-11-04 09:08:31,517 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,517 [246] [DEBUG] [app] Starting request: urn:request:a3ecc47a-cb50-4d2b-b3de-d145ecb115b1 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,518 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,518 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,518 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,521 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', None, 1762247311520, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,521 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [37, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,521 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', None, 1762247311520, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,524 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea gunicorn-web stdout | 2025-11-04 09:08:31,524 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea: {'manifest_hash': 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:31,525 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [36, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,525 [247] [DEBUG] [app] Ending request: urn:request:3f10ff9a-f352-4778-9466-9f46c66bdea0 (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:3f10ff9a-f352-4778-9466-9f46c66bdea0', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,525 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,526 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1826 0.052) gunicorn-web stdout | 2025-11-04 09:08:31,526 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', None, 1762247311525, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,529 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,529 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,530 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,530 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,530 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,530 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,530 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [37, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,530 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,530 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,530 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,532 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,533 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['89cf30ce-ff39-4fd8-9cf2-5395bfdb63e4']) gunicorn-web stdout | 2025-11-04 09:08:31,535 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,536 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:31,537 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:31,537 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,537 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589'} gunicorn-web stdout | 2025-11-04 09:08:31,537 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,537 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,537 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,537 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,537 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,538 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,538 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['8625d6e4-2f6f-4d10-aa88-7a6729558869']) gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:31,538 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090831Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090831Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | b673067fe099d6475a4f6b3d43d1009ed8c33c6e134426e338aea9b34ce282ef gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 902574b4d70e2b1778a01730736891a4aaba8808e5ebb981521453a5d59de216 gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090831Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=902574b4d70e2b1778a01730736891a4aaba8808e5ebb981521453a5d59de216', 'amz-sdk-invocation-id': b'83da4d04-7da7-455d-89fd-66e751e6801d', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:31,539 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:31,542 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:31,543 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:31,543 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0'} gunicorn-web stdout | 2025-11-04 09:08:31,543 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,543 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,543 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,543 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,543 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,543 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,543 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,544 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,545 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,545 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:31,545 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090831Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:31,545 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,545 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090831Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | b0d98d93ad6e1edab7d60ee522deb74ad0ee8d3c94aee80e1145867acf864d4b gunicorn-web stdout | 2025-11-04 09:08:31,545 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | b3ca08afe22987692a35b57cf4e1155c1200072dd3fa194cb84fcb80e3d9b82d gunicorn-web stdout | 2025-11-04 09:08:31,545 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,545 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:31,545 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,546 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090831Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=b3ca08afe22987692a35b57cf4e1155c1200072dd3fa194cb84fcb80e3d9b82d', 'amz-sdk-invocation-id': b'6260a8a1-784c-40fe-8bc2-1e3be67859ae', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:31,546 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:31,550 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,553 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,554 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/48/487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589 HTTP/1.1" 200 1453 gunicorn-web stdout | 2025-11-04 09:08:31,554 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjs1g-bruck8-14kj', 'x-amz-id-2': 'mhkcjs1g-bruck8-14kj', 'ETag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:15 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1453', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,555 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,555 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,555 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,555 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,555 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,555 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjs1g-bruck8-14kj', 'HostId': 'mhkcjs1g-bruck8-14kj', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjs1g-bruck8-14kj', 'x-amz-id-2': 'mhkcjs1g-bruck8-14kj', 'etag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:15 GMT', 'content-type': 'application/octet-stream', 'content-length': '1453', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 15, tzinfo=tzutc()), 'ContentLength': 1453, 'ETag': '"1654842a5c8f817d56cff3043974e9e4-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,556 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,556 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,560 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,560 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:122c52305f257cb504fa1e6417a0e2be0a91c6e8597236feced3168597406ed8', 1, 9, 'sha256:487579e989bf9003fd37fae0a8e94f8c9cf08d7b846f76b8516acf389934e589', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,562 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/e8/e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0 HTTP/1.1" 200 1460 gunicorn-web stdout | 2025-11-04 09:08:31,562 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjs1n-bvu8hm-10wm', 'x-amz-id-2': 'mhkcjs1n-bvu8hm-10wm', 'ETag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:17 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1460', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,562 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,563 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,563 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,563 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,563 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,563 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjs1n-bvu8hm-10wm', 'HostId': 'mhkcjs1n-bvu8hm-10wm', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjs1n-bvu8hm-10wm', 'x-amz-id-2': 'mhkcjs1n-bvu8hm-10wm', 'etag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:17 GMT', 'content-type': 'application/octet-stream', 'content-length': '1460', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 17, tzinfo=tzutc()), 'ContentLength': 1460, 'ETag': '"98e2690a8515aea2041b6cee0a9bc236-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,564 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [38, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,565 [249] [DEBUG] [app] Ending request: urn:request:79f29dce-4204-4267-92e1-f9d20f34750a (/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:79f29dce-4204-4267-92e1-f9d20f34750a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,565 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,565 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,566 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0dc78806f5885db569f7389b0e0df2e190346b0df59937268c5862d5bfc5f933 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.095 1796 0.095) gunicorn-web stdout | 2025-11-04 09:08:31,567 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c gunicorn-web stdout | 2025-11-04 09:08:31,567 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c: {'manifest_hash': 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:31,568 [246] [DEBUG] [app] Ending request: urn:request:a3ecc47a-cb50-4d2b-b3de-d145ecb115b1 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:a3ecc47a-cb50-4d2b-b3de-d145ecb115b1', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,569 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,569 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:ff2d9c2b154fd3b791f0dcffed0c3c63e3cc5b3549781f2f471478ef124fa11e', 1, 9, 'sha256:e8f9cd61311c15e68e06297b1af6c25112acf69bdbbfaf97e75d9c792d5f75f0', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,569 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.071 1826 0.071) gunicorn-web stdout | 2025-11-04 09:08:31,573 [248] [DEBUG] [app] Ending request: urn:request:59cfcbf4-5c01-427f-996f-4477fedfd97b (/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:59cfcbf4-5c01-427f-996f-4477fedfd97b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,574 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,574 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:d339093e7bda33949fb5f3ddb6eeb6b51b8b0950183a132831c74cba05f0a1ea HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.100 1796 0.100) quotaregistrysizeworker stdout | 2025-11-04 09:08:31,643 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:08:31,643 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:31.643382+00:00 (in 59.999562 seconds) quotaregistrysizeworker stdout | 2025-11-04 09:08:31,643 [82] [INFO] [apscheduler.executors.default] Running job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:31 GMT)" (scheduled at 2025-11-04 09:08:31.643382+00:00) quotaregistrysizeworker stdout | 2025-11-04 09:08:31,644 [82] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:08:31,654 [82] [DEBUG] [data.database] Disconnecting from database. quotaregistrysizeworker stdout | 2025-11-04 09:08:31,655 [82] [INFO] [apscheduler.executors.default] Job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:31 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:31,796 [246] [DEBUG] [app] Starting request: urn:request:7f431abc-bf02-4d5c-ba41-6c01e1acb2b9 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,796 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,796 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,797 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,808 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,809 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,809 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,809 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,809 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,809 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,809 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,809 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,811 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,815 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,817 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,823 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,828 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,832 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,835 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,839 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', None, 1762247311838, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,844 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', None, 1762247311843, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,848 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [38, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,852 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,856 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['c9d5a016-6b2e-4115-8c6a-27ad74e7b2c6']) gunicorn-web stdout | 2025-11-04 09:08:31,859 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:31,860 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9'} gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:31,861 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:31,862 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,862 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,862 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,862 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:31,862 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,862 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,862 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,862 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,863 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:31,863 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090831Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:31,863 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090831Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 971888cca276bed3e3e6ef0c062f847239590593423416f80ecb6bc087f15252 gunicorn-web stdout | 2025-11-04 09:08:31,863 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 43cd8d131bac8f09091a3f17d58d2cadd84c6e58df5e2995907c62bd41a36962 gunicorn-web stdout | 2025-11-04 09:08:31,863 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,863 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:31,863 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,863 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090831Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=43cd8d131bac8f09091a3f17d58d2cadd84c6e58df5e2995907c62bd41a36962', 'amz-sdk-invocation-id': b'4f0f2698-236b-4e62-90b1-16b5889493dc', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:31,864 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:31,872 [249] [DEBUG] [app] Starting request: urn:request:7b88ad1f-02f5-4fa2-9168-a4e0477c5689 (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,873 [247] [DEBUG] [app] Starting request: urn:request:551c6ed9-7017-4166-9fc0-3e73dd79a95f (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,873 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,873 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,873 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,873 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,873 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,874 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,877 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9 HTTP/1.1" 200 1459 gunicorn-web stdout | 2025-11-04 09:08:31,878 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjsai-m2hl2-16sl', 'x-amz-id-2': 'mhkcjsai-m2hl2-16sl', 'ETag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:20 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1459', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,878 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,878 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,878 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,878 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,878 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,878 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjsai-m2hl2-16sl', 'HostId': 'mhkcjsai-m2hl2-16sl', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjsai-m2hl2-16sl', 'x-amz-id-2': 'mhkcjsai-m2hl2-16sl', 'etag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:20 GMT', 'content-type': 'application/octet-stream', 'content-length': '1459', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 20, tzinfo=tzutc()), 'ContentLength': 1459, 'ETag': '"46054ad81cad6e70c55ad8e06ba2b9b7-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,879 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,884 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:cd719190bb511a8ac7cf73b99bec41e528f046a4b96921c93a22ad0813bcd87a', 1, 9, 'sha256:af2b46f4f75005fd299cb8babd10c9b1536cf86af7c49e1f83c1649888644fa9', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,885 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,885 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,885 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,886 [249] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,886 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,886 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,886 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,886 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,886 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,886 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,886 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,886 [247] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,886 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,886 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,886 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,886 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,887 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,888 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,888 [246] [DEBUG] [app] Ending request: urn:request:7f431abc-bf02-4d5c-ba41-6c01e1acb2b9 (/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:7f431abc-bf02-4d5c-ba41-6c01e1acb2b9', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,888 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,889 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c HTTP/1.0" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:0d4b25aec0a40382a3eaea29e3af360f2c5908c91b3b12ded5492fdc5e74050c HTTP/1.1" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.095 1796 0.095) gunicorn-web stdout | 2025-11-04 09:08:31,893 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,893 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,894 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,895 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,899 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,900 [246] [DEBUG] [app] Starting request: urn:request:6b68209c-fea1-4995-a486-39ed508ce8d5 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,900 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,900 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,901 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,901 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,902 [248] [DEBUG] [app] Starting request: urn:request:b940173a-153d-443d-b180-bf006eceda27 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:31,902 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,902 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,903 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,905 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,907 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,909 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,911 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,912 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,912 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,912 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,912 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,912 [246] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,912 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,913 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,913 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,913 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,913 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:31,914 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:31,914 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,914 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,914 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,914 [248] [DEBUG] [endpoints.api] Checking permission for repo: superorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:31,914 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:31,914 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,914 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,914 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,915 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,916 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', None, 1762247311915, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,918 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,919 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,920 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,920 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='superorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:31,921 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', None, 1762247311921, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,921 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'superorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,921 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [39, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,925 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 gunicorn-web stdout | 2025-11-04 09:08:31,925 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132: {'manifest_hash': 'sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:31,925 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [39, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,925 [249] [DEBUG] [app] Ending request: urn:request:7b88ad1f-02f5-4fa2-9168-a4e0477c5689 (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:7b88ad1f-02f5-4fa2-9168-a4e0477c5689', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,926 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,926 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,926 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1826 0.055) gunicorn-web stdout | 2025-11-04 09:08:31,927 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,929 [247] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,931 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,932 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['superorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,934 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['245d7d88-d237-4046-909c-047178021b9e']) gunicorn-web stdout | 2025-11-04 09:08:31,935 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,936 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,937 [247] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:31,938 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,938 [247] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:31,938 [247] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54'} gunicorn-web stdout | 2025-11-04 09:08:31,938 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,938 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,938 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,938 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,939 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,939 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,940 [247] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,940 [247] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:31,940 [247] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090831Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:31,940 [247] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090831Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 742dfb1e3b0f9324eb0a4aa9f3674e60c46526b7741e8ab3348eb2f9bb469c13 gunicorn-web stdout | 2025-11-04 09:08:31,940 [247] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 9f4a859e4fe0eab7df4c9d03d82a5e0edaf077bfac631cc3c5c94710bd417cfe gunicorn-web stdout | 2025-11-04 09:08:31,940 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,940 [247] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:31,940 [247] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,940 [247] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090831Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=9f4a859e4fe0eab7df4c9d03d82a5e0edaf077bfac631cc3c5c94710bd417cfe', 'amz-sdk-invocation-id': b'acf40053-7669-43a0-8757-cd7bd275f7d3', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:31,941 [247] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:31,941 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,942 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', None, 1762247311942, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,945 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [40, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,947 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', None, 1762247311947, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,949 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc gunicorn-web stdout | 2025-11-04 09:08:31,949 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc: {'manifest_hash': 'sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'packages': {}, 'distributions': {}, 'repository': {}, 'environments': {}, 'vulnerabilities': {}, 'package_vulnerabilities': {}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:31,950 [246] [DEBUG] [app] Ending request: urn:request:6b68209c-fea1-4995-a486-39ed508ce8d5 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:6b68209c-fea1-4995-a486-39ed508ce8d5', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,950 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,950 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true HTTP/1.0" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc/security?vulnerabilities=true HTTP/1.1" 200 204 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.051 1826 0.051) gunicorn-web stdout | 2025-11-04 09:08:31,951 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [40, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,953 [247] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/2a/2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54 HTTP/1.1" 200 1459 gunicorn-web stdout | 2025-11-04 09:08:31,953 [247] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjscm-1v9rnn-y4p', 'x-amz-id-2': 'mhkcjscm-1v9rnn-y4p', 'ETag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:23 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1459', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,953 [247] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,954 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,954 [247] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,954 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,954 [247] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,954 [247] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjscm-1v9rnn-y4p', 'HostId': 'mhkcjscm-1v9rnn-y4p', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjscm-1v9rnn-y4p', 'x-amz-id-2': 'mhkcjscm-1v9rnn-y4p', 'etag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:23 GMT', 'content-type': 'application/octet-stream', 'content-length': '1459', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 23, tzinfo=tzutc()), 'ContentLength': 1459, 'ETag': '"cc3ff943bd5e3cdec3236619d55a77bb-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,955 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [9, 'sha256:7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,956 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,959 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['7198d319-55da-4767-9f1a-ea3fba192665']) gunicorn-web stdout | 2025-11-04 09:08:31,959 [247] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:2ac1765e4b5cd20065ad44dad27dfaf118cba517a38153c36486c0f8bd11ca54', 1, 9, 'sha256:46b5947a368c82da2a25216b85057a03081fa6e86e9b72c2ec471115009a2123', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,962 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd'} gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:31,963 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090831Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090831Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | fb2097762fcff2537097faf5f952b443816ee087f35ba765746ca201ec6b77e6 gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 8f06c12b121bc5899c7e8b54ff33d405fb4f51e1142d8386904a0a0ffe50ecde gunicorn-web stdout | 2025-11-04 09:08:31,964 [247] [DEBUG] [app] Ending request: urn:request:551c6ed9-7017-4166-9fc0-3e73dd79a95f (/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:551c6ed9-7017-4166-9fc0-3e73dd79a95f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,964 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,965 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:31,965 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,965 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090831Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=8f06c12b121bc5899c7e8b54ff33d405fb4f51e1142d8386904a0a0ffe50ecde', 'amz-sdk-invocation-id': b'13a15b56-381e-43eb-b2c9-e9cbaab79802', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:31,965 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,965 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:31,965 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 HTTP/1.0" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:3cb3c11a9bac8d6ca264766461deae86cdd58c174ecb26cdf2222e8e489c4132 HTTP/1.1" 200 1487 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.094 1796 0.094) gunicorn-web stdout | 2025-11-04 09:08:31,977 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/7d/7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd HTTP/1.1" 200 1455 gunicorn-web stdout | 2025-11-04 09:08:31,977 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjsda-29pn52-c88', 'x-amz-id-2': 'mhkcjsda-29pn52-c88', 'ETag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:27:26 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1455', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:31,977 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:31,977 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:31,978 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:31,978 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,978 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:31,978 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjsda-29pn52-c88', 'HostId': 'mhkcjsda-29pn52-c88', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjsda-29pn52-c88', 'x-amz-id-2': 'mhkcjsda-29pn52-c88', 'etag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'last-modified': 'Tue, 04 Nov 2025 08:27:26 GMT', 'content-type': 'application/octet-stream', 'content-length': '1455', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 27, 26, tzinfo=tzutc()), 'ContentLength': 1455, 'ETag': '"43ec83917cf72c703c54602b8df9ca01-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:31,979 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:31,984 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [9, 'sha256:7de93b022bd110e0ff9fa8b313dbed25b5993a25c9fe3aca9f030a5ff2647dbd', 1, 9, 'sha256:55b62457923c4f107ac9cb1d535ca1afbdad4b04bae1ffcbebd9f2f381378eca', 1]) gunicorn-web stdout | 2025-11-04 09:08:31,990 [248] [DEBUG] [app] Ending request: urn:request:b940173a-153d-443d-b180-bf006eceda27 (/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:b940173a-153d-443d-b180-bf006eceda27', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'path': '/api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:31,990 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:31,991 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc HTTP/1.0" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:31 +0000] "GET /api/v1/repository/superorg/repo1/manifest/sha256:ac0e2006c03b435ee605c4bf84464d9fb665353643fa6295962bd69c23ced5dc HTTP/1.1" 200 1490 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/superorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.090 1796 0.089) gunicorn-registry stdout | 2025-11-04 09:08:33,730 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:33,736 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:33,835 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:33,841 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:33,856 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:33,861 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:33,851 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:33,866 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:08:33,853 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:08:34,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:08:34,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:44.140529+00:00 (in 9.999123 seconds) proxycacheblobworker stdout | 2025-11-04 09:08:34,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:44 GMT)" (scheduled at 2025-11-04 09:08:34.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:08:34,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:08:34,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 34, 141768), True, datetime.datetime(2025, 11, 4, 9, 8, 34, 141768), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:08:34,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:08:34,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:08:34,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:44 GMT)" executed successfully gcworker stdout | 2025-11-04 09:08:34,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:08:34,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:55.956600+00:00 (in 21.003660 seconds) gcworker stdout | 2025-11-04 09:08:34,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:04 GMT)" (scheduled at 2025-11-04 09:08:34.952363+00:00) gcworker stdout | 2025-11-04 09:08:34,953 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037714953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:08:34,966 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:08:34,966 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:08:34,966 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:04 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:36,096 [246] [DEBUG] [app] Starting request: urn:request:f40bd1ed-4f0a-4b81-8810-0f2cbc72548a (/api/v1/organization/quayorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,096 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,096 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,096 [249] [DEBUG] [app] Starting request: urn:request:d135bbae-003e-4f05-aca4-26c50ef6fbf4 (/api/v1/organization/quayorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,097 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,097 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,097 [247] [DEBUG] [app] Starting request: urn:request:be862f56-943b-46a0-957e-332616c76ec6 (/api/v1/superuser/users/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,097 [248] [DEBUG] [app] Starting request: urn:request:57bde02b-333f-4046-8b05-046c5f406958 (/api/v1/organization/quayorg/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,097 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,097 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,097 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,097 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,097 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,097 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,098 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,098 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,109 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,109 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,109 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,109 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,110 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,110 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,110 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,110 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,110 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,110 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,110 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,110 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,110 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,110 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,110 [247] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:08:36,110 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,110 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,110 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,110 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,110 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,110 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,110 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,110 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,110 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,110 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,110 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,110 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,111 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [False, False]) gunicorn-web stdout | 2025-11-04 09:08:36,112 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,112 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,113 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,113 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,113 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,113 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,114 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,115 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:36,117 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,117 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,117 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,117 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,118 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,118 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,118 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,118 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,118 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,118 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,118 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,118 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,118 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,118 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,118 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,118 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,119 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,119 [249] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'quayorg+%']) gunicorn-web stdout | 2025-11-04 09:08:36,119 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,119 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,119 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,120 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,120 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,120 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,120 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,120 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,120 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:36,122 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "teammember" AS "t3" INNER JOIN "team" AS "t1" ON ("t3"."team_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t3"."user_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:36,123 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:36,123 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:36,125 [249] [DEBUG] [app] Ending request: urn:request:d135bbae-003e-4f05-aca4-26c50ef6fbf4 (/api/v1/organization/quayorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:d135bbae-003e-4f05-aca4-26c50ef6fbf4', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/quayorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,125 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,126 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.031 1739 0.031) gunicorn-web stdout | 2025-11-04 09:08:36,126 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,127 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."namespace_user_id", "t2"."name", "t2"."visibility_id", "t2"."description", "t2"."badge_token", "t2"."kind_id", "t2"."trust_enabled", "t2"."state", "t3"."id", "t3"."uuid", "t3"."username", "t3"."password_hash", "t3"."email", "t3"."verified", "t3"."stripe_id", "t3"."organization", "t3"."robot", "t3"."invoice_email", "t3"."invalid_login_attempts", "t3"."last_invalid_login", "t3"."removed_tag_expiration_s", "t3"."enabled", "t3"."invoice_email_address", "t3"."given_name", "t3"."family_name", "t3"."company", "t3"."location", "t3"."maximum_queued_builds_count", "t3"."creation_date", "t3"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t1"."user_id" = "t3"."id") WHERE (("t2"."namespace_user_id" = %s) AND ("t3"."robot" = %s))', [2, False]) gunicorn-web stdout | 2025-11-04 09:08:36,127 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:36,127 [249] [DEBUG] [app] Starting request: urn:request:4bf6cec9-2813-4286-8fac-1c55cf9a6665 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,127 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,127 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,128 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,130 [247] [DEBUG] [app] Ending request: urn:request:be862f56-943b-46a0-957e-332616c76ec6 (/api/v1/superuser/users/) {'endpoint': 'api.superuserlist', 'request_id': 'urn:request:be862f56-943b-46a0-957e-332616c76ec6', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/users/', 'path': '/api/v1/superuser/users/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,130 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,130 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,130 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,130 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,130 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,131 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/superuser/users/ HTTP/1.0" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:36,131 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/superuser/users/ HTTP/1.1" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.035 1699 0.034) gunicorn-web stdout | 2025-11-04 09:08:36,131 [248] [DEBUG] [app] Ending request: urn:request:57bde02b-333f-4046-8b05-046c5f406958 (/api/v1/organization/quayorg/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:57bde02b-333f-4046-8b05-046c5f406958', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/members', 'path': '/api/v1/organization/quayorg/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,132 [247] [DEBUG] [app] Starting request: urn:request:fcd8f5c1-e663-4237-81c1-9ca86903a2c2 (/api/v1/organization/superorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,132 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,132 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,132 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,132 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/members HTTP/1.0" 200 400 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/members HTTP/1.1" 200 400 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.036 1711 0.036) gunicorn-web stdout | 2025-11-04 09:08:36,132 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,133 [248] [DEBUG] [app] Starting request: urn:request:e02f78d4-1dee-4101-842e-0c14e5086d21 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,133 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,133 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,134 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,135 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,138 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:36,138 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,138 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,139 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,139 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,139 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,139 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,139 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,139 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,140 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,141 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,143 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,143 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,143 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,144 [249] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'quayorg', 1, 3, 1, 'quayorg', 101]) gunicorn-web stdout | 2025-11-04 09:08:36,144 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,144 [246] [DEBUG] [app] Ending request: urn:request:f40bd1ed-4f0a-4b81-8810-0f2cbc72548a (/api/v1/organization/quayorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:f40bd1ed-4f0a-4b81-8810-0f2cbc72548a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg', 'path': '/api/v1/organization/quayorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,145 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,145 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,145 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,145 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,145 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg HTTP/1.0" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg HTTP/1.1" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.050 1703 0.050) gunicorn-web stdout | 2025-11-04 09:08:36,146 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,146 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,146 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,146 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,146 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,146 [246] [DEBUG] [app] Starting request: urn:request:4e26cfa0-468e-4e67-aebb-9e7ab43cb18f (/api/v1/organization/superorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,146 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,146 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,147 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,147 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,147 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,147 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,147 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,147 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,148 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,149 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s, %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [1, 10, None, 1762247316149, False]) gunicorn-web stdout | 2025-11-04 09:08:36,151 [248] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'superorg', 1, 3, 1, 'superorg', 101]) gunicorn-web stdout | 2025-11-04 09:08:36,153 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,153 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,153 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,153 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,153 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,153 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,153 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,154 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:36,154 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:36,156 [248] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [9, None, 1762247316156, False]) gunicorn-web stdout | 2025-11-04 09:08:36,157 [247] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:36,157 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,157 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,157 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,157 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s, %s))', [1, 10]) gunicorn-web stdout | 2025-11-04 09:08:36,158 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,158 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,158 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,158 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,159 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,160 [247] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [3]) gunicorn-web stdout | 2025-11-04 09:08:36,161 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:36,161 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:36,163 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,163 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,163 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,163 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,163 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,164 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,164 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,164 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,164 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:36,164 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,164 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,164 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,164 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,164 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,164 [248] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s))', [9]) gunicorn-web stdout | 2025-11-04 09:08:36,165 [249] [DEBUG] [app] Ending request: urn:request:4bf6cec9-2813-4286-8fac-1c55cf9a6665 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:4bf6cec9-2813-4286-8fac-1c55cf9a6665', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=quayorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'quayorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,165 [246] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'superorg+%']) gunicorn-web stdout | 2025-11-04 09:08:36,165 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.1" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.069 1742 0.069) gunicorn-web stdout | 2025-11-04 09:08:36,166 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.0" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:36,166 [249] [DEBUG] [app] Starting request: urn:request:7920cb3d-7aed-42c5-a415-bae36002d207 (/api/v1/organization/quay/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,167 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,167 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,167 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,167 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,167 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:36,170 [246] [DEBUG] [app] Ending request: urn:request:4e26cfa0-468e-4e67-aebb-9e7ab43cb18f (/api/v1/organization/superorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:4e26cfa0-468e-4e67-aebb-9e7ab43cb18f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/superorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,170 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:36,170 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,171 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:36,171 [248] [DEBUG] [app] Ending request: urn:request:e02f78d4-1dee-4101-842e-0c14e5086d21 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:e02f78d4-1dee-4101-842e-0c14e5086d21', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=superorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'superorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/superorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.067 1740 0.067) gunicorn-web stdout | 2025-11-04 09:08:36,171 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,172 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.0" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=superorg&public=true HTTP/1.1" 200 258 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.067 1743 0.067) gunicorn-web stdout | 2025-11-04 09:08:36,173 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,177 [247] [DEBUG] [app] Ending request: urn:request:fcd8f5c1-e663-4237-81c1-9ca86903a2c2 (/api/v1/organization/superorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:fcd8f5c1-e663-4237-81c1-9ca86903a2c2', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg', 'path': '/api/v1/organization/superorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,177 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,178 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/superorg HTTP/1.0" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/superorg HTTP/1.1" 200 802 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.082 1704 0.081) gunicorn-web stdout | 2025-11-04 09:08:36,178 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,178 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,178 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,178 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,178 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,178 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,178 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,179 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,183 [249] [DEBUG] [app] Ending request: urn:request:7920cb3d-7aed-42c5-a415-bae36002d207 (/api/v1/organization/quay/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:7920cb3d-7aed-42c5-a415-bae36002d207', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quay/members', 'path': '/api/v1/organization/quay/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,183 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,184 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quay/members HTTP/1.0" 404 248 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quay/members HTTP/1.1" 404 248 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.079 1708 0.079) gunicorn-web stdout | 2025-11-04 09:08:36,464 [246] [DEBUG] [app] Starting request: urn:request:0d660630-c74e-4358-82c6-8dae859213be (/api/v1/superuser/organizations/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,465 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,465 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,466 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,466 [249] [DEBUG] [app] Starting request: urn:request:64cf0c03-828e-4258-9131-e9e3f3603c84 (/api/v1/organization/superorg/members) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,466 [248] [DEBUG] [app] Starting request: urn:request:5dbbdbae-7f1f-4b97-b596-411c57fdc29d (/api/v1/superuser/registrysize/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,466 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,466 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,466 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,466 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,467 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,467 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,478 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,478 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,478 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,478 [246] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:08:36,478 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,478 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,478 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,479 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,479 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,479 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,479 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,479 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,479 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,479 [248] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:08:36,479 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,479 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,479 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,479 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,479 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,479 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,479 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,479 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,480 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,480 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,480 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,480 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,480 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [True, False]) gunicorn-web stdout | 2025-11-04 09:08:36,482 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,482 [247] [DEBUG] [app] Starting request: urn:request:cdb6bd44-cf02-48de-a4f8-cbb74e4505b4 (/api/v1/organization/quay/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,482 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,482 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,483 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,484 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:36,484 [248] [DEBUG] [app] Ending request: urn:request:5dbbdbae-7f1f-4b97-b596-411c57fdc29d (/api/v1/superuser/registrysize/) {'endpoint': 'api.superuserregistrysize', 'request_id': 'urn:request:5dbbdbae-7f1f-4b97-b596-411c57fdc29d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/registrysize/', 'path': '/api/v1/superuser/registrysize/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,484 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,485 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/superuser/registrysize/ HTTP/1.0" 200 71 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/superuser/registrysize/ HTTP/1.1" 200 71 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.020 1706 0.020) gunicorn-web stdout | 2025-11-04 09:08:36,486 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,486 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,487 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,487 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,487 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,487 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,487 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,488 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:36,488 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'superorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,491 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,492 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "teammember" AS "t3" INNER JOIN "team" AS "t1" ON ("t3"."team_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t3"."user_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [4]) gunicorn-web stdout | 2025-11-04 09:08:36,494 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,494 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,494 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,494 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,495 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:36,495 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,495 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,495 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,495 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,495 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,496 [247] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'quay+%']) gunicorn-web stdout | 2025-11-04 09:08:36,496 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."namespace_user_id", "t2"."name", "t2"."visibility_id", "t2"."description", "t2"."badge_token", "t2"."kind_id", "t2"."trust_enabled", "t2"."state", "t3"."id", "t3"."uuid", "t3"."username", "t3"."password_hash", "t3"."email", "t3"."verified", "t3"."stripe_id", "t3"."organization", "t3"."robot", "t3"."invoice_email", "t3"."invalid_login_attempts", "t3"."last_invalid_login", "t3"."removed_tag_expiration_s", "t3"."enabled", "t3"."invoice_email_address", "t3"."given_name", "t3"."family_name", "t3"."company", "t3"."location", "t3"."maximum_queued_builds_count", "t3"."creation_date", "t3"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t1"."user_id" = "t3"."id") WHERE (("t2"."namespace_user_id" = %s) AND ("t3"."robot" = %s))', [4, False]) gunicorn-web stdout | 2025-11-04 09:08:36,498 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,501 [249] [DEBUG] [app] Ending request: urn:request:64cf0c03-828e-4258-9131-e9e3f3603c84 (/api/v1/organization/superorg/members) {'endpoint': 'api.organizationmemberlist', 'request_id': 'urn:request:64cf0c03-828e-4258-9131-e9e3f3603c84', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/superorg/members', 'path': '/api/v1/organization/superorg/members', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,501 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/superorg/members HTTP/1.1" 200 388 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.036 1712 0.037) gunicorn-web stdout | 2025-11-04 09:08:36,502 [247] [DEBUG] [app] Ending request: urn:request:cdb6bd44-cf02-48de-a4f8-cbb74e4505b4 (/api/v1/organization/quay/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:cdb6bd44-cf02-48de-a4f8-cbb74e4505b4', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quay/robots?permissions=true&token=false', 'path': '/api/v1/organization/quay/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,502 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/superorg/members HTTP/1.0" 200 388 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:36,502 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['superorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,502 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,503 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quay/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quay/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.022 1736 0.022) gunicorn-web stdout | 2025-11-04 09:08:36,504 [249] [DEBUG] [app] Starting request: urn:request:e6a50749-60f4-47e0-b716-4a6fd4ff7510 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,504 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,504 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,505 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,506 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['superorg']) gunicorn-web stdout | 2025-11-04 09:08:36,509 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [4, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,512 [246] [DEBUG] [app] Ending request: urn:request:0d660630-c74e-4358-82c6-8dae859213be (/api/v1/superuser/organizations/) {'endpoint': 'api.superuserorganizationlist', 'request_id': 'urn:request:0d660630-c74e-4358-82c6-8dae859213be', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/organizations/', 'path': '/api/v1/superuser/organizations/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,513 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,513 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.0" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/superuser/organizations/ HTTP/1.1" 200 693 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.050 1707 0.050) gunicorn-web stdout | 2025-11-04 09:08:36,515 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,515 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,515 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,515 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,515 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,515 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,516 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,516 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,516 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,520 [249] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'quay', 1, 3, 1, 'quay', 101]) gunicorn-web stdout | 2025-11-04 09:08:36,525 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) gunicorn-web stdout | 2025-11-04 09:08:36,529 [249] [DEBUG] [app] Ending request: urn:request:e6a50749-60f4-47e0-b716-4a6fd4ff7510 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:e6a50749-60f4-47e0-b716-4a6fd4ff7510', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=quay&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'quay', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,529 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=quay&public=true HTTP/1.1" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.026 1739 0.026) gunicorn-web stdout | 2025-11-04 09:08:36,530 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=quay&public=true HTTP/1.0" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:36,636 [246] [DEBUG] [app] Starting request: urn:request:d80f5b49-70c1-4c50-8752-e88b44a01bfc (/api/v1/organization/quayorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,636 [248] [DEBUG] [app] Starting request: urn:request:adc16c83-a582-4568-91d0-ea3611a8e3b1 (/api/v1/superuser/users/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,636 [249] [DEBUG] [app] Starting request: urn:request:77afcb5f-3b46-4e28-bebb-7353084292a1 (/api/v1/repository) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,636 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,636 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,636 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,636 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,636 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,637 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,637 [247] [DEBUG] [app] Starting request: urn:request:32b4f6af-1f5e-4047-8892-1ae1f537499d (/api/v1/organization/quayorg/quota) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,637 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,637 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,637 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,637 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,637 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,638 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,648 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,648 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,648 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,649 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,649 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,649 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,649 [248] [DEBUG] [endpoints.api] Checking fresh login for user quay: Last login at 2025-11-04 09:06:25+00:00 gunicorn-web stdout | 2025-11-04 09:08:36,649 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,649 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,649 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,649 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,649 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,649 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,649 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,649 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,649 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,649 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,649 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,650 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,650 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,650 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,650 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,650 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,650 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,650 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,650 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,650 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,650 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ((("t1"."organization" = %s) AND ("t1"."robot" = %s)) AND ("t1"."id" NOT IN (SELECT "t2"."namespace_id" FROM "deletednamespace" AS "t2")))', [False, False]) gunicorn-web stdout | 2025-11-04 09:08:36,650 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quay', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,651 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,652 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,653 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:36,654 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,654 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,654 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,654 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,654 [249] [DEBUG] [peewee] ('(SELECT DISTINCT "t1"."name", "t1"."id" AS "rid", "t1"."description", "t2"."username", "t1"."visibility_id", "t1"."kind_id", "t1"."state" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") LEFT OUTER JOIN "repositorypermission" AS "t3" ON ("t3"."repository_id" = "t1"."id") WHERE (((("t1"."state" != %s) AND ("t1"."kind_id" = %s)) AND ("t2"."username" = %s)) AND ("t1"."visibility_id" = %s))) UNION (SELECT DISTINCT "t4"."name", "t4"."id" AS "rid", "t4"."description", "t5"."username", "t4"."visibility_id", "t4"."kind_id", "t4"."state" FROM "repository" AS "t4" INNER JOIN "user" AS "t5" ON ("t4"."namespace_user_id" = "t5"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."repository_id" = "t4"."id") WHERE ((("t4"."state" != %s) AND ("t4"."kind_id" = %s)) AND ("t5"."username" = %s))) ORDER BY rid LIMIT %s', [3, 1, 'quayorg', 1, 3, 1, 'quayorg', 101]) gunicorn-web stdout | 2025-11-04 09:08:36,656 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,656 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,657 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,657 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,657 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,657 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,657 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,657 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,657 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,657 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,660 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:08:36,660 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", Max("t1"."lifetime_start_ms") FROM "tag" AS "t1" WHERE ((("t1"."repository_id" IN (%s, %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) GROUP BY "t1"."repository_id"', [1, 10, None, 1762247316660, False]) gunicorn-web stdout | 2025-11-04 09:08:36,661 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:36,661 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,661 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,661 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,662 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,662 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,662 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,662 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,662 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:36,663 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,664 [247] [DEBUG] [app] Ending request: urn:request:32b4f6af-1f5e-4047-8892-1ae1f537499d (/api/v1/organization/quayorg/quota) {'endpoint': 'api.organizationquotalist', 'request_id': 'urn:request:32b4f6af-1f5e-4047-8892-1ae1f537499d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/quota', 'path': '/api/v1/organization/quayorg/quota', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,665 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,665 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/quota HTTP/1.0" 200 3 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:36,665 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name", "t1"."id" AS "rid" FROM "repository" AS "t1" INNER JOIN "star" AS "t4" ON ("t4"."repository_id" = "t1"."id") INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "visibility" AS "t3" ON ("t1"."visibility_id" = "t3"."id") WHERE ((("t4"."user_id" = %s) AND ("t1"."kind_id" = %s)) AND ("t1"."state" != %s))', [1, 1, 3]) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/quota HTTP/1.1" 200 3 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.030 1717 0.030) gunicorn-web stdout | 2025-11-04 09:08:36,666 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:36,666 [248] [DEBUG] [app] Ending request: urn:request:adc16c83-a582-4568-91d0-ea3611a8e3b1 (/api/v1/superuser/users/) {'endpoint': 'api.superuserlist', 'request_id': 'urn:request:adc16c83-a582-4568-91d0-ea3611a8e3b1', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/superuser/users/', 'path': '/api/v1/superuser/users/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,667 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:36,667 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/superuser/users/ HTTP/1.0" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/superuser/users/ HTTP/1.1" 200 426 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.032 1707 0.032) gunicorn-web stdout | 2025-11-04 09:08:36,669 [249] [DEBUG] [peewee] ('SELECT "t1"."repository_id", "t1"."size_bytes" FROM "quotarepositorysize" AS "t1" WHERE ("t1"."repository_id" IN (%s, %s))', [1, 10]) gunicorn-web stdout | 2025-11-04 09:08:36,670 [246] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:36,672 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:36,672 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,672 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,672 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,672 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,673 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:36,676 [249] [DEBUG] [app] Ending request: urn:request:77afcb5f-3b46-4e28-bebb-7353084292a1 (/api/v1/repository) {'endpoint': 'api.repositorylist', 'request_id': 'urn:request:77afcb5f-3b46-4e28-bebb-7353084292a1', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository?last_modified=true&namespace=quayorg&public=true', 'path': '/api/v1/repository', 'parameters': {'last_modified': 'true', 'namespace': 'quayorg', 'public': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,676 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.1" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.041 1750 0.041) gunicorn-web stdout | 2025-11-04 09:08:36,676 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/repository?last_modified=true&namespace=quayorg&public=true HTTP/1.0" 200 501 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:36,677 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,681 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:36,684 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,688 [246] [DEBUG] [app] Ending request: urn:request:d80f5b49-70c1-4c50-8752-e88b44a01bfc (/api/v1/organization/quayorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:d80f5b49-70c1-4c50-8752-e88b44a01bfc', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg', 'path': '/api/v1/organization/quayorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,688 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg HTTP/1.1" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.054 1711 0.054) gunicorn-web stdout | 2025-11-04 09:08:36,689 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg HTTP/1.0" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:36,818 [247] [DEBUG] [app] Starting request: urn:request:6d930da4-d5d0-475c-b754-6ff59e6c7330 (/api/v1/organization/quayorg/prototypes) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,818 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,819 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,819 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,832 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,832 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,832 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,832 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,832 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,832 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,832 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,833 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,838 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,838 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,838 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,838 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,838 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,838 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,838 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,839 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,843 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."org_id", "t1"."uuid", "t1"."activating_user_id", "t1"."delegate_user_id", "t1"."delegate_team_id", "t1"."role_id" FROM "permissionprototype" AS "t1" LEFT OUTER JOIN "user" AS "t2" ON ("t2"."id" = "t1"."activating_user_id") LEFT OUTER JOIN "user" AS "t3" ON ("t3"."id" = "t1"."delegate_user_id") LEFT OUTER JOIN "team" AS "t4" ON ("t4"."id" = "t1"."delegate_team_id") LEFT OUTER JOIN "role" AS "t5" ON ("t5"."id" = "t1"."role_id") WHERE ("t1"."org_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:36,847 [247] [DEBUG] [app] Ending request: urn:request:6d930da4-d5d0-475c-b754-6ff59e6c7330 (/api/v1/organization/quayorg/prototypes) {'endpoint': 'api.permissionprototypelist', 'request_id': 'urn:request:6d930da4-d5d0-475c-b754-6ff59e6c7330', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/prototypes', 'path': '/api/v1/organization/quayorg/prototypes', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,847 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/prototypes HTTP/1.1" 200 19 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.031 1722 0.031) gunicorn-web stdout | 2025-11-04 09:08:36,848 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/prototypes HTTP/1.0" 200 19 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:36,850 [246] [DEBUG] [app] Starting request: urn:request:e1ebfa1c-bb82-4755-b3fc-defe44e41f49 (/api/v1/organization/quayorg/logs) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:36,850 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,850 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,851 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,863 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:36,863 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:36,863 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,863 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:36,863 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,863 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,863 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,865 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:36,869 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,869 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,869 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,870 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,870 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,870 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:36,870 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:36,872 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:36,876 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."kind_id", "t1"."account_id", "t1"."performer_id", "t1"."repository_id", "t1"."datetime", "t1"."ip", "t1"."metadata_json", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "logentry3" AS "t1" LEFT OUTER JOIN "user" AS "t2" ON ("t2"."id" = "t1"."performer_id") WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) ORDER BY "t1"."datetime" DESC LIMIT %s', [datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 2, 21]) gunicorn-web stdout | 2025-11-04 09:08:36,881 [246] [DEBUG] [app] Ending request: urn:request:e1ebfa1c-bb82-4755-b3fc-defe44e41f49 (/api/v1/organization/quayorg/logs) {'endpoint': 'api.orglogs', 'request_id': 'urn:request:e1ebfa1c-bb82-4755-b3fc-defe44e41f49', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/logs?starttime=10/05/2025&endtime=11/04/2025&next_page=', 'path': '/api/v1/organization/quayorg/logs', 'parameters': {'starttime': '10/05/2025', 'endtime': '11/04/2025', 'next_page': ''}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:36,881 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/logs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025&next_page= HTTP/1.1" 200 4407 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.033 1775 0.033) gunicorn-web stdout | 2025-11-04 09:08:36,882 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:36 +0000] "GET /api/v1/organization/quayorg/logs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025&next_page= HTTP/1.0" 200 4407 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:37,003 [246] [DEBUG] [app] Starting request: urn:request:ecddbae8-63ac-45de-8acf-a3a7d130c814 (/api/v1/organization/quayorg/applications) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:37,003 [248] [DEBUG] [app] Starting request: urn:request:8ad0e3c3-14be-4522-a31f-ecbe5a9a8774 (/api/v1/organization/quayorg/aggregatelogs) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:37,003 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,003 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,003 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,003 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,004 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,004 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,016 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:37,016 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:37,016 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,016 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,016 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,016 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,016 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,017 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:37,017 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:37,017 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,017 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:37,017 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,017 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,018 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,018 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,019 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:37,022 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,022 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,023 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,023 [246] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,023 [246] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,023 [246] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,023 [246] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:37,023 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,023 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,023 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,023 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,024 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,024 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,024 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,024 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:37,024 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,027 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."client_id", "t1"."secure_client_secret", "t1"."fully_migrated", "t1"."redirect_uri", "t1"."application_uri", "t1"."organization_id", "t1"."name", "t1"."description", "t1"."gravatar_email" FROM "oauthapplication" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:37,028 [248] [DEBUG] [peewee] ('SELECT "t1"."kind_id", EXTRACT(%s FROM "t1"."datetime") AS "day", Count("t1"."id") AS "count" FROM "logentry3" AS "t1" WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) GROUP BY EXTRACT(%s FROM "t1"."datetime"), "t1"."kind_id"', ['day', datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 2, 'day']) gunicorn-web stdout | 2025-11-04 09:08:37,030 [246] [DEBUG] [app] Ending request: urn:request:ecddbae8-63ac-45de-8acf-a3a7d130c814 (/api/v1/organization/quayorg/applications) {'endpoint': 'api.organizationapplications', 'request_id': 'urn:request:ecddbae8-63ac-45de-8acf-a3a7d130c814', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/applications', 'path': '/api/v1/organization/quayorg/applications', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:37,031 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:37,031 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg/applications HTTP/1.0" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg/applications HTTP/1.1" 200 21 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.029 1724 0.029) gunicorn-web stdout | 2025-11-04 09:08:37,033 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,037 [248] [DEBUG] [peewee] ('SELECT "t1"."kind_id", EXTRACT(%s FROM "t1"."datetime") AS "day", Count("t1"."id") AS "count" FROM "logentry2" AS "t1" WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) GROUP BY EXTRACT(%s FROM "t1"."datetime"), "t1"."kind_id"', ['day', datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 2, 'day']) gunicorn-web stdout | 2025-11-04 09:08:37,040 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,044 [248] [DEBUG] [peewee] ('SELECT "t1"."kind_id", EXTRACT(%s FROM "t1"."datetime") AS "day", Count("t1"."id") AS "count" FROM "logentry" AS "t1" WHERE ((("t1"."datetime" >= %s) AND ("t1"."datetime" < %s)) AND ("t1"."account_id" = %s)) GROUP BY EXTRACT(%s FROM "t1"."datetime"), "t1"."kind_id"', ['day', datetime.datetime(2025, 10, 5, 0, 0), datetime.datetime(2025, 11, 5, 0, 0), 2, 'day']) gunicorn-web stdout | 2025-11-04 09:08:37,048 [248] [DEBUG] [app] Ending request: urn:request:8ad0e3c3-14be-4522-a31f-ecbe5a9a8774 (/api/v1/organization/quayorg/aggregatelogs) {'endpoint': 'api.orgaggregatelogs', 'request_id': 'urn:request:8ad0e3c3-14be-4522-a31f-ecbe5a9a8774', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/aggregatelogs?starttime=10/05/2025&endtime=11/04/2025', 'path': '/api/v1/organization/quayorg/aggregatelogs', 'parameters': {'starttime': '10/05/2025', 'endtime': '11/04/2025'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:37,048 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg/aggregatelogs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025 HTTP/1.1" 200 264 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.047 1773 0.047) gunicorn-web stdout | 2025-11-04 09:08:37,049 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg/aggregatelogs?starttime=10%2F05%2F2025&endtime=11%2F04%2F2025 HTTP/1.0" 200 264 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" securityworker stdout | 2025-11-04 09:08:37,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:08:37,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:51.254713+00:00 (in 14.001809 seconds) securityworker stdout | 2025-11-04 09:08:37,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:07 GMT)" (scheduled at 2025-11-04 09:08:37.252445+00:00) securityworker stdout | 2025-11-04 09:08:37,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:08:37,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:08:37,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:08:37,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:08:37,267 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stdout | 2025-11-04 09:08:37,268 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:07 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:37,387 [249] [DEBUG] [app] Starting request: urn:request:54fb125f-ce6d-44ec-be13-9e7eb531254f (/api/v1/organization/quayorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:37,387 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,387 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,388 [248] [DEBUG] [app] Starting request: urn:request:5ffd1351-f7a1-4b49-9c26-1af097ec1213 (/api/v1/organization/quayorg/robots) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:37,388 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,388 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,387 [247] [DEBUG] [app] Starting request: urn:request:28f7ce99-965c-4285-bc51-ce1ec125efe5 (/api/v1/organization/quayorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:37,388 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,388 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,388 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,388 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,389 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,400 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:37,400 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:37,400 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,400 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:37,400 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:37,400 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,400 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,400 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,400 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,400 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,400 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:37,401 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:37,401 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,401 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,402 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,402 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:37,404 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,404 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,405 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,405 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,405 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,405 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,405 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,405 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,406 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,406 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,407 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,407 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,407 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,407 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:37,407 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,407 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:37,407 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:08:37,407 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,407 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,408 [248] [DEBUG] [peewee] ('SELECT "t1"."username", "t1"."creation_date", "t1"."last_accessed", "t2"."token", "t3"."description", "t3"."unstructured_json", "t4"."name", "t5"."name" FROM "user" AS "t1" LEFT OUTER JOIN "robotaccountmetadata" AS "t3" ON ("t3"."robot_account_id" = "t1"."id") INNER JOIN "robotaccounttoken" AS "t2" ON ("t2"."robot_account_id" = "t1"."id") LEFT OUTER JOIN "repositorypermission" AS "t6" ON ("t6"."user_id" = "t2"."robot_account_id") LEFT OUTER JOIN "repository" AS "t4" ON ("t6"."repository_id" = "t4"."id") LEFT OUTER JOIN "teammember" AS "t7" ON ("t7"."user_id" = "t1"."id") LEFT OUTER JOIN "team" AS "t5" ON ("t7"."team_id" = "t5"."id") WHERE (("t1"."robot" = %s) AND ("t1"."username" ILIKE %s)) ORDER BY "t1"."last_accessed" DESC', [True, 'quayorg+%']) gunicorn-web stdout | 2025-11-04 09:08:37,411 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,412 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,412 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,412 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,412 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,412 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,412 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:37,412 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,412 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,412 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,412 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:37,413 [247] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,413 [247] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,413 [247] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,413 [247] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:37,413 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:37,414 [248] [DEBUG] [app] Ending request: urn:request:5ffd1351-f7a1-4b49-9c26-1af097ec1213 (/api/v1/organization/quayorg/robots) {'endpoint': 'api.orgrobotlist', 'request_id': 'urn:request:5ffd1351-f7a1-4b49-9c26-1af097ec1213', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg/robots?permissions=true&token=false', 'path': '/api/v1/organization/quayorg/robots', 'parameters': {'permissions': 'true', 'token': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:37,415 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:37,415 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg/robots?permissions=true&token=false HTTP/1.0" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg/robots?permissions=true&token=false HTTP/1.1" 200 15 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.028 1747 0.029) gunicorn-web stdout | 2025-11-04 09:08:37,416 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:37,416 [247] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:37,419 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:37,420 [247] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:37,422 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,422 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,422 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,422 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,423 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:37,423 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,423 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,423 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,423 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,423 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:37,426 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,427 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,429 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:37,431 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:37,432 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,434 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,436 [249] [DEBUG] [app] Ending request: urn:request:54fb125f-ce6d-44ec-be13-9e7eb531254f (/api/v1/organization/quayorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:54fb125f-ce6d-44ec-be13-9e7eb531254f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg', 'path': '/api/v1/organization/quayorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:37,436 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:37,437 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg HTTP/1.0" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg HTTP/1.1" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.050 1711 0.050) gunicorn-web stdout | 2025-11-04 09:08:37,437 [247] [DEBUG] [app] Ending request: urn:request:28f7ce99-965c-4285-bc51-ce1ec125efe5 (/api/v1/organization/quayorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:28f7ce99-965c-4285-bc51-ce1ec125efe5', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg', 'path': '/api/v1/organization/quayorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:37,438 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:37,438 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg HTTP/1.0" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg HTTP/1.1" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization/quayorg" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1711 0.052) namespacegcworker stdout | 2025-11-04 09:08:37,447 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:08:37,447 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:07.444700+00:00 (in 29.997344 seconds) namespacegcworker stdout | 2025-11-04 09:08:37,447 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:37 GMT)" (scheduled at 2025-11-04 09:08:37.446883+00:00) namespacegcworker stdout | 2025-11-04 09:08:37,447 [76] [DEBUG] [workers.queueworker] Running watchdog. namespacegcworker stdout | 2025-11-04 09:08:37,447 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:37 GMT)" executed successfully securityworker stdout | 2025-11-04 09:08:37,702 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:37,876 [249] [DEBUG] [app] Starting request: urn:request:fd0dc3e0-8327-4512-a786-dcf00e375039 (/api/v1/organization/quayorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:37,877 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,877 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,878 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,878 [246] [DEBUG] [app] Starting request: urn:request:f242c4ac-9274-4127-81a5-7e22cd8bef2e (/api/v1/repository/quayorg/repo1) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:37,878 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,878 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,879 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,889 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:37,889 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:37,889 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,890 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,890 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:37,890 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:37,890 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,891 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:37,891 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,891 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,891 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,891 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,892 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:37,893 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,893 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,893 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,893 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,894 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) notificationworker stdout | 2025-11-04 09:08:37,894 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:37,897 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,898 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:37,899 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,899 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,899 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,899 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,899 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,900 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:08:37,900 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:08:37,900 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:08:37,903 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:37,904 [246] [DEBUG] [endpoints.api.repository] Get repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:37,905 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,907 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:08:37,908 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."repository_id", "t1"."created" FROM "star" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."user_id" = %s)) LIMIT %s OFFSET %s', [10, 1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,909 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,910 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,910 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,910 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,910 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:37,912 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."count", "t1"."date" FROM "repositoryactioncount" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."date" >= %s))', [10, datetime.date(2025, 8, 4)]) gunicorn-web stdout | 2025-11-04 09:08:37,913 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,915 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,915 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:37,916 [246] [DEBUG] [app] Ending request: urn:request:f242c4ac-9274-4127-81a5-7e22cd8bef2e (/api/v1/repository/quayorg/repo1) {'endpoint': 'api.repository', 'request_id': 'urn:request:f242c4ac-9274-4127-81a5-7e22cd8bef2e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1?includeStats=true&includeTags=false', 'path': '/api/v1/repository/quayorg/repo1', 'parameters': {'includeStats': 'true', 'includeTags': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:37,917 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:37,917 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/repository/quayorg/repo1?includeStats=true&includeTags=false HTTP/1.0" 200 3624 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/repository/quayorg/repo1?includeStats=true&includeTags=false HTTP/1.1" 200 3624 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.041 1755 0.041) gunicorn-web stdout | 2025-11-04 09:08:37,917 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:08:37,920 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:37,923 [249] [DEBUG] [app] Ending request: urn:request:fd0dc3e0-8327-4512-a786-dcf00e375039 (/api/v1/organization/quayorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:fd0dc3e0-8327-4512-a786-dcf00e375039', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg', 'path': '/api/v1/organization/quayorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:37,924 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:37,924 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg HTTP/1.0" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:37 +0000] "GET /api/v1/organization/quayorg HTTP/1.1" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.049 1715 0.049) notificationworker stdout | 2025-11-04 09:08:39,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:08:39,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:49.156372+00:00 (in 9.999533 seconds) notificationworker stdout | 2025-11-04 09:08:39,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:49 GMT)" (scheduled at 2025-11-04 09:08:39.156372+00:00) notificationworker stdout | 2025-11-04 09:08:39,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:08:39,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 39, 157297), True, datetime.datetime(2025, 11, 4, 9, 8, 39, 157297), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:08:39,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:08:39,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:08:39,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:49 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:39,517 [247] [DEBUG] [app] Starting request: urn:request:7b659415-d15b-4303-a810-6f1a772159e6 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:08:39,518 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:08:39,521 [264] [DEBUG] [app] Starting request: urn:request:8b90ebd0-63c3-41c7-8040-2f6f855eaec9 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:08:39,521 [264] [DEBUG] [app] Ending request: urn:request:8b90ebd0-63c3-41c7-8040-2f6f855eaec9 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:8b90ebd0-63c3-41c7-8040-2f6f855eaec9', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:08:39,522 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:08:39,522 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:08:39,523 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:08:39,525 [247] [DEBUG] [app] Starting request: urn:request:9f6b96b7-afb9-4232-83f5-6f631bff626a (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:08:39,525 [247] [DEBUG] [app] Ending request: urn:request:9f6b96b7-afb9-4232-83f5-6f631bff626a (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:9f6b96b7-afb9-4232-83f5-6f631bff626a', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:08:39,525 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:08:39,526 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.001) gunicorn-web stdout | 2025-11-04 09:08:39,526 [247] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:08:39,526 [247] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:08:39,526 [247] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:08:39,534 [247] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:08:39,534 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:08:39,544 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:08:39,547 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:08:39,550 [247] [DEBUG] [app] Ending request: urn:request:7b659415-d15b-4303-a810-6f1a772159e6 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:7b659415-d15b-4303-a810-6f1a772159e6', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:08:39,550 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:39,550 [247] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:08:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:08:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.034 118 0.034) gunicorn-web stdout | 2025-11-04 09:08:39,588 [246] [DEBUG] [app] Starting request: urn:request:dfa0570f-7250-495a-a6ef-0b45f767ea93 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:08:39,589 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:08:39,592 [260] [DEBUG] [app] Starting request: urn:request:ebdda745-6021-483b-9b4b-a54e23697490 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:08:39,593 [260] [DEBUG] [app] Ending request: urn:request:ebdda745-6021-483b-9b4b-a54e23697490 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:ebdda745-6021-483b-9b4b-a54e23697490', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.005 162 0.005) gunicorn-web stdout | 2025-11-04 09:08:39,594 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-registry stdout | 2025-11-04 09:08:39,594 [260] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:08:39,595 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:08:39,597 [246] [DEBUG] [app] Starting request: urn:request:f0bc1ff4-be08-4c44-a7b7-8e9baa6b10ef (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:08:39,597 [246] [DEBUG] [app] Ending request: urn:request:f0bc1ff4-be08-4c44-a7b7-8e9baa6b10ef (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:f0bc1ff4-be08-4c44-a7b7-8e9baa6b10ef', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:08:39,597 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:08:39,598 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:39,598 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:08:39,598 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:08:39,598 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:08:39,608 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:08:39,608 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:08:39,618 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:08:39,622 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:08:39,624 [246] [DEBUG] [app] Ending request: urn:request:dfa0570f-7250-495a-a6ef-0b45f767ea93 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:dfa0570f-7250-495a-a6ef-0b45f767ea93', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:08:39,625 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:39,625 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:08:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:08:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.038 118 0.038) gunicorn-web stdout | 2025-11-04 09:08:40,121 [249] [DEBUG] [app] Starting request: urn:request:87483045-a971-431e-ba73-aa599016039c (/api/v1/repository/quayorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:40,121 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:40,121 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:40,122 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,135 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:40,135 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:40,135 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:40,135 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:40,135 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:40,135 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:40,135 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:40,135 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:40,138 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:40,143 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:40,144 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:40,151 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,156 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,159 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,162 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,166 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE ((("t1"."repository_id" = %s) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [10, None, 1762247320166, False, 101, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,172 [249] [DEBUG] [app] Ending request: urn:request:87483045-a971-431e-ba73-aa599016039c (/api/v1/repository/quayorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:87483045-a971-431e-ba73-aa599016039c', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true', 'path': '/api/v1/repository/quayorg/repo1/tag/', 'parameters': {'limit': '100', 'page': '1', 'onlyActiveTags': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:40,172 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:40 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.1" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.053 1770 0.053) gunicorn-web stdout | 2025-11-04 09:08:40,173 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:40 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.0" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:40,688 [246] [DEBUG] [app] Starting request: urn:request:b362d013-fa91-4f1a-b9b9-09a7dae9e034 (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:40,688 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:40,688 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:40,689 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,702 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:40,702 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:40,703 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:40,703 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:40,703 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:40,703 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:40,703 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:40,703 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:40,704 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:40,710 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:40,712 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:40,717 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,722 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,725 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,728 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,732 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', None, 1762247320731, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:40,737 [246] [DEBUG] [app] Ending request: urn:request:b362d013-fa91-4f1a-b9b9-09a7dae9e034 (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:b362d013-fa91-4f1a-b9b9-09a7dae9e034', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', 'parameters': {'include_modelcard': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:40,738 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:40,738 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:40 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.0" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:40 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.1" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.052 1817 0.052) autopruneworker stdout | 2025-11-04 09:08:41,028 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:41,099 [249] [DEBUG] [app] Starting request: urn:request:81519353-7eec-471b-bea1-96297289b294 (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:41,099 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,099 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,100 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,113 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:41,113 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:41,113 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,113 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:41,114 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,114 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,114 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,114 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,116 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,121 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,122 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,128 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,133 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,136 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,139 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,143 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247321142, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,149 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247321148, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,154 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,157 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,161 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['ef9abce7-c4cd-4ded-b01d-2c5ccca4b9ee']) gunicorn-web stdout | 2025-11-04 09:08:41,164 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:41,165 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'} gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,166 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090841Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090841Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 58982fc6ae19f53912ad3f62d197bcec0d3aa2c3a1971946b7dd741d0bc69859 gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 48809a1254514f64463d3c78cf32f87228ea13f0dba9fc2cb80a67e3d055d375 gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:41,167 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090841Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=48809a1254514f64463d3c78cf32f87228ea13f0dba9fc2cb80a67e3d055d375', 'amz-sdk-invocation-id': b'ad96f8c4-d3a0-4a6a-91d3-7261dc1b561c', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:41,168 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:41,168 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:41,215 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee HTTP/1.1" 200 1463 gunicorn-web stdout | 2025-11-04 09:08:41,215 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjzhs-65dzlh-18a1', 'x-amz-id-2': 'mhkcjzhs-65dzlh-18a1', 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1463', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:41 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:41,215 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:41,216 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:41,216 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:41,216 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:41,216 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:41,216 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcjzhs-65dzlh-18a1', 'HostId': 'mhkcjzhs-65dzlh-18a1', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcjzhs-65dzlh-18a1', 'x-amz-id-2': 'mhkcjzhs-65dzlh-18a1', 'etag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'content-type': 'application/octet-stream', 'content-length': '1463', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:41 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 46, tzinfo=tzutc()), 'ContentLength': 1463, 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:41,218 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,222 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 1, 10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,226 [249] [DEBUG] [app] Ending request: urn:request:81519353-7eec-471b-bea1-96297289b294 (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:81519353-7eec-471b-bea1-96297289b294', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:41,227 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:41 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.131 1794 0.131) gunicorn-web stdout | 2025-11-04 09:08:41,228 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:41 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:41,602 [247] [DEBUG] [app] Starting request: urn:request:7c6d54d2-d2da-414b-8dd6-15ab24a420f6 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:41,602 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,602 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,603 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,614 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:41,614 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:41,614 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,614 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:41,614 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,615 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,615 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,615 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,616 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,621 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,623 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,629 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,633 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,637 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,640 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,643 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,647 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,651 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 gunicorn-web stdout | 2025-11-04 09:08:41,651 [247] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8; calling loader gunicorn-web stdout | 2025-11-04 09:08:41,651 [247] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:08:41,652 [247] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 gunicorn-web stdout | 2025-11-04 09:08:41,915 [247] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:08:41,932 [249] [DEBUG] [app] Starting request: urn:request:1240732c-874b-4f87-a390-419a50f64254 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:41,932 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,932 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,933 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,939 [246] [DEBUG] [app] Starting request: urn:request:a59656f1-afe7-423c-bab5-2433d6ac1b91 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:41,939 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,940 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,940 [248] [DEBUG] [app] Starting request: urn:request:ebfe26f2-ab3e-4bd0-9b71-d01769e55f0f (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:41,940 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,940 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,940 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,941 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,945 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:41,945 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:41,945 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,946 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:41,946 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,946 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,946 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,946 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,947 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,952 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:41,952 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:41,952 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,953 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:41,953 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,953 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,953 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,953 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,953 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,953 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:41,954 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:41,954 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,954 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:41,954 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:41,954 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,954 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,954 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,954 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,955 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,956 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,960 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,960 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,961 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:41,962 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,962 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:41,966 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,968 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,969 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,970 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,965 [247] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8: {'manifest_hash': 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1464': {'id': '1464', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1502': {'id': '1502', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'arm64'}, '1522': {'id': '1522', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1550': {'id': '1550', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'arm64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1448': {'id': '1448', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1474': {'id': '1474', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1544': {'id': '1544', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1600': {'id': '1600', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1616': {'id': '1616', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1628': {'id': '1628', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1636': {'id': '1636', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1452': {'id': '1452', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1480': {'id': '1480', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1504': {'id': '1504', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1554': {'id': '1554', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1508': {'id': '1508', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1548': {'id': '1548', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1566': {'id': '1566', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1568': {'id': '1568', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1578': {'id': '1578', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1620': {'id': '1620', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1494': {'id': '1494', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1542': {'id': '1542', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1558': {'id': '1558', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1576': {'id': '1576', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1624': {'id': '1624', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1450': {'id': '1450', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1478': {'id': '1478', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1574': {'id': '1574', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1604': {'id': '1604', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1456': {'id': '1456', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1492': {'id': '1492', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1498': {'id': '1498', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1516': {'id': '1516', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1532': {'id': '1532', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1540': {'id': '1540', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1598': {'id': '1598', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1560': {'id': '1560', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1584': {'id': '1584', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1586': {'id': '1586', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'arm64'}, '1606': {'id': '1606', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1610': {'id': '1610', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'arm64'}, '1612': {'id': '1612', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1638': {'id': '1638', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'arm64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1440': {'id': '1440', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1490': {'id': '1490', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'arm64'}, '1546': {'id': '1546', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1572': {'id': '1572', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1580': {'id': '1580', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'arm64'}, '1458': {'id': '1458', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1514': {'id': '1514', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1528': {'id': '1528', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1530': {'id': '1530', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1564': {'id': '1564', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1520': {'id': '1520', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'arm64'}, '1524': {'id': '1524', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1596': {'id': '1596', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'arm64'}, '1618': {'id': '1618', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1622': {'id': '1622', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1466': {'id': '1466', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1470': {'id': '1470', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1486': {'id': '1486', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1500': {'id': '1500', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1630': {'id': '1630', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1446': {'id': '1446', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1482': {'id': '1482', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1488': {'id': '1488', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1496': {'id': '1496', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'arm64'}, '1534': {'id': '1534', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1536': {'id': '1536', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1538': {'id': '1538', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1444': {'id': '1444', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'arm64'}, '1460': {'id': '1460', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'arm64'}, '1462': {'id': '1462', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1510': {'id': '1510', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'arm64'}, '1552': {'id': '1552', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1562': {'id': '1562', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'arm64'}, '1582': {'id': '1582', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1442': {'id': '1442', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'arm64'}, '1472': {'id': '1472', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'arm64'}, '1526': {'id': '1526', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1588': {'id': '1588', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1602': {'id': '1602', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1506': {'id': '1506', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1512': {'id': '1512', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1518': {'id': '1518', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1592': {'id': '1592', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1594': {'id': '1594', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1468': {'id': '1468', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1628': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1462': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1480': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1490': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1540': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1546': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1528': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1550': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1552': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1588': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1486': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1494': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1510': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1512': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1522': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1524': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1560': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1574': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1536': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1538': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1572': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1496': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1504': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1508': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1530': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1584': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1600': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1612': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1466': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1482': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1548': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1620': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1624': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1636': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1464': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1452': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1516': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1554': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1566': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1568': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1468': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1500': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1506': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1564': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1594': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1596': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1598': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1444': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1502': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1602': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1604': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1616': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1446': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1498': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1526': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1544': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1592': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1630': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1440': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1456': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1474': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1520': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1542': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1578': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1448': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1450': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1582': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1622': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1458': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1492': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1532': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1534': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1586': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1470': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1472': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1488': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1514': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1558': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1562': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1638': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1460': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1478': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1576': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1606': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1610': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1618': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1442': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1518': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1580': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it do gunicorn-web stdout | es notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/upd gunicorn-web stdout | ater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http:// gunicorn-web stdout | bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the gunicorn-web stdout | vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0 gunicorn-web stdout | 001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One of gunicorn-web stdout | thosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}}, 'package_vulnerabilities': {'1518': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1616': ['2837991', '2228820', '2007560', '1266677'], '1560': ['1540355', '983329', '982616'], '1638': ['1518586'], '1552': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1492': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1554': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1542': ['2837871', '2228777', '2007527', '1266440'], '1592': ['960172'], '1636': ['2499877'], '1186': ['960164'], '1630': ['2790153', '2112903', '1696964'], '1494': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1564': ['2114475'], '1528': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1522': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1558': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1534': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1586': ['2428498', '960182'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1594': ['2790713', '2259833', '1672464', '1523094'], '1588': ['2837900', '2228805', '2007548', '1266661'], '1580': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1488': ['2499829'], '1620': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1468': ['2764035', '1506477', '1357966'], '1460': ['2843395'], '1582': ['2121872', '1148585'], '1584': ['2790703', '2259827', '1672454', '1523087'], '1598': ['2499866'], '1532': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1562': ['456116'], '1576': ['2499856'], '1604': ['2609399', '2206787', '2005450', '439420'], '1498': ['2665338', '1988933', '1988914'], '1612': ['2499870'], '1514': ['2485497'], '1540': ['2499847'], '1512': ['2121322', '1148428'], '1622': ['2114483'], '1578': ['980572'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1450': ['2815552', '451117'], '1606': ['980580'], '1448': ['2499906'], '1544': ['2837880', '2228793', '2007536', '1266500'], '1618': ['2609409', '2206794', '2005452', '439426'], '1466': ['2120044', '1146399'], '1446': ['1516509'], '1508': ['980564'], '1602': ['1700452'], '1500': ['980557'], '1462': ['980539']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:41,973 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,973 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,974 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,977 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247321977, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,973 [247] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 with expiration {'manifest_hash': 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1464': {'id': '1464', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1502': {'id': '1502', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'arm64'}, '1522': {'id': '1522', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1550': {'id': '1550', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'arm64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1448': {'id': '1448', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1474': {'id': '1474', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1544': {'id': '1544', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1600': {'id': '1600', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1616': {'id': '1616', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1628': {'id': '1628', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1636': {'id': '1636', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1452': {'id': '1452', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1480': {'id': '1480', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1504': {'id': '1504', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1554': {'id': '1554', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1508': {'id': '1508', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1548': {'id': '1548', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1566': {'id': '1566', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1568': {'id': '1568', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1578': {'id': '1578', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1620': {'id': '1620', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1494': {'id': '1494', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1542': {'id': '1542', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1558': {'id': '1558', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1576': {'id': '1576', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1624': {'id': '1624', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1450': {'id': '1450', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1478': {'id': '1478', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1574': {'id': '1574', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1604': {'id': '1604', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1456': {'id': '1456', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1492': {'id': '1492', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1498': {'id': '1498', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1516': {'id': '1516', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1532': {'id': '1532', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1540': {'id': '1540', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1598': {'id': '1598', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1560': {'id': '1560', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1584': {'id': '1584', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1586': {'id': '1586', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'arm64'}, '1606': {'id': '1606', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1610': {'id': '1610', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'arm64'}, '1612': {'id': '1612', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1638': {'id': '1638', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'arm64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1440': {'id': '1440', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1490': {'id': '1490', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'arm64'}, '1546': {'id': '1546', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1572': {'id': '1572', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1580': {'id': '1580', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'arm64'}, '1458': {'id': '1458', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1514': {'id': '1514', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1528': {'id': '1528', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1530': {'id': '1530', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1564': {'id': '1564', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1520': {'id': '1520', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'arm64'}, '1524': {'id': '1524', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1596': {'id': '1596', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'arm64'}, '1618': {'id': '1618', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1622': {'id': '1622', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1466': {'id': '1466', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1470': {'id': '1470', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1486': {'id': '1486', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1500': {'id': '1500', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1630': {'id': '1630', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1446': {'id': '1446', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1482': {'id': '1482', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1488': {'id': '1488', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1496': {'id': '1496', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'arm64'}, '1534': {'id': '1534', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1536': {'id': '1536', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1538': {'id': '1538', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1444': {'id': '1444', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'arm64'}, '1460': {'id': '1460', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'arm64'}, '1462': {'id': '1462', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1510': {'id': '1510', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'arm64'}, '1552': {'id': '1552', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1562': {'id': '1562', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'arm64'}, '1582': {'id': '1582', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1442': {'id': '1442', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'arm64'}, '1472': {'id': '1472', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'arm64'}, '1526': {'id': '1526', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1588': {'id': '1588', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1602': {'id': '1602', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1506': {'id': '1506', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1512': {'id': '1512', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1518': {'id': '1518', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1592': {'id': '1592', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1594': {'id': '1594', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1468': {'id': '1468', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1628': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1462': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1480': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1490': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1540': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1546': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1528': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1550': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1552': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1588': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1486': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1494': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1510': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1512': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1522': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1524': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1560': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1574': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1536': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1538': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1572': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1496': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1504': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1508': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1530': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1584': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1600': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1612': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1466': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1482': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1548': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1620': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1624': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1636': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1464': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1452': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1516': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1554': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1566': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1568': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1468': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1500': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1506': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1564': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1594': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1596': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1598': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1444': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1502': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1602': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1604': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1616': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1446': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1498': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1526': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1544': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1592': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1630': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1440': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1456': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1474': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1520': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1542': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1578': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1448': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1450': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1582': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1622': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1458': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1492': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1532': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1534': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1586': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1470': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1472': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1488': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1514': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1558': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1562': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1638': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1460': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1478': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1576': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1606': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1610': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1618': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1442': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1518': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1580': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'link gunicorn-web stdout | s': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package version gunicorn-web stdout | 2025-11-04 09:08:41,978 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,978 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | s:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu gunicorn-web stdout | 1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi- gunicorn-web stdout | bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can c gunicorn-web stdout | ause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubun gunicorn-web stdout | tu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}}, 'package_vulnerabilities': {'1518': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1616': ['2837991', '2228820', '2007560', '1266677'], '1560': ['1540355', '983329', '982616'], '1638': ['1518586'], '1552': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1492': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1554': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1542': ['2837871', '2228777', '2007527', '1266440'], '1592': ['960172'], '1636': ['2499877'], '1186': ['960164'], '1630': ['2790153', '2112903', '1696964'], '1494': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1564': ['2114475'], '1528': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1522': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1558': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1534': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1586': ['2428498', '960182'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1594': ['2790713', '2259833', '1672464', '1523094'], '1588': ['2837900', '2228805', '2007548', '1266661'], '1580': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1488': ['2499829'], '1620': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1468': ['2764035', '1506477', '1357966'], '1460': ['2843395'], '1582': ['2121872', '1148585'], '1584': ['2790703', '2259827', '1672454', '1523087'], '1598': ['2499866'], '1532': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1562': ['456116'], '1576': ['2499856'], '1604': ['2609399', '2206787', '2005450', '439420'], '1498': ['2665338', '1988933', '1988914'], '1612': ['2499870'], '1514': ['2485497'], '1540': ['2499847'], '1512': ['2121322', '1148428'], '1622': ['2114483'], '1578': ['980572'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1450': ['2815552', '451117'], '1606': ['980580'], '1448': ['2499906'], '1544': ['2837880', '2228793', '2007536', '1266500'], '1618': ['2609409', '2206794', '2005452', '439426'], '1466': ['2120044', '1146399'], '1446': ['1516509'], '1508': ['980564'], '1602': ['1700452'], '1500': ['980557'], '1462': ['980539']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:41,982 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,982 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,983 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247321982, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,986 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247321985, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,987 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247321985, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,987 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,985 [247] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 with expiration {'manifest_hash': 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1464': {'id': '1464', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1502': {'id': '1502', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'arm64'}, '1522': {'id': '1522', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1550': {'id': '1550', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'arm64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1448': {'id': '1448', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1474': {'id': '1474', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1544': {'id': '1544', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1600': {'id': '1600', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1616': {'id': '1616', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1628': {'id': '1628', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1636': {'id': '1636', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1452': {'id': '1452', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1480': {'id': '1480', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1504': {'id': '1504', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1554': {'id': '1554', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1508': {'id': '1508', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1548': {'id': '1548', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1566': {'id': '1566', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1568': {'id': '1568', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1578': {'id': '1578', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1620': {'id': '1620', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1494': {'id': '1494', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1542': {'id': '1542', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1558': {'id': '1558', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1576': {'id': '1576', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1624': {'id': '1624', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1450': {'id': '1450', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1478': {'id': '1478', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1574': {'id': '1574', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1604': {'id': '1604', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1456': {'id': '1456', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1492': {'id': '1492', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1498': {'id': '1498', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1516': {'id': '1516', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1532': {'id': '1532', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1540': {'id': '1540', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1598': {'id': '1598', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1560': {'id': '1560', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1584': {'id': '1584', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1586': {'id': '1586', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'arm64'}, '1606': {'id': '1606', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1610': {'id': '1610', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'arm64'}, '1612': {'id': '1612', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1638': {'id': '1638', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'arm64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1440': {'id': '1440', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1490': {'id': '1490', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'arm64'}, '1546': {'id': '1546', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1572': {'id': '1572', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1580': {'id': '1580', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'arm64'}, '1458': {'id': '1458', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1514': {'id': '1514', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1528': {'id': '1528', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1530': {'id': '1530', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1564': {'id': '1564', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1520': {'id': '1520', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'arm64'}, '1524': {'id': '1524', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1596': {'id': '1596', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'arm64'}, '1618': {'id': '1618', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1622': {'id': '1622', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1466': {'id': '1466', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1470': {'id': '1470', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1486': {'id': '1486', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1500': {'id': '1500', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1630': {'id': '1630', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1446': {'id': '1446', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1482': {'id': '1482', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1488': {'id': '1488', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1496': {'id': '1496', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'arm64'}, '1534': {'id': '1534', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1536': {'id': '1536', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1538': {'id': '1538', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1444': {'id': '1444', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'arm64'}, '1460': {'id': '1460', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'arm64'}, '1462': {'id': '1462', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1510': {'id': '1510', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'arm64'}, '1552': {'id': '1552', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1562': {'id': '1562', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'arm64'}, '1582': {'id': '1582', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1442': {'id': '1442', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'arm64'}, '1472': {'id': '1472', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'arm64'}, '1526': {'id': '1526', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1588': {'id': '1588', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1602': {'id': '1602', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1506': {'id': '1506', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1512': {'id': '1512', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1518': {'id': '1518', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1592': {'id': '1592', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1594': {'id': '1594', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1468': {'id': '1468', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1628': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1462': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1480': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1490': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1540': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1546': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1528': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1550': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1552': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1588': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1486': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1494': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1510': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1512': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1522': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1524': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1560': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1574': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1536': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1538': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1572': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1496': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1504': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1508': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1530': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1584': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1600': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1612': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1466': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1482': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1548': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1620': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1624': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1636': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1464': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1452': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1516': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1554': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1566': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1568': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1468': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1500': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1506': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1564': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1594': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1596': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1598': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1444': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1502': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1602': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1604': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1616': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1446': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1498': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1526': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1544': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1592': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1630': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1440': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1456': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1474': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1520': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1542': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1578': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1448': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1450': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1582': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1622': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1458': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1492': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1532': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1534': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1586': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1470': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1472': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1488': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1514': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1558': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1562': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1638': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1460': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1478': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1576': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1606': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1610': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1618': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1442': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1518': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1580': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openS gunicorn-web stdout | 2025-11-04 09:08:41,992 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1, 0]) gunicorn-web stdout | USE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n gunicorn-web stdout | 2025-11-04 09:08:41,991 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247321991, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,992 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247321991, False, 1, 0]) gunicorn-web stdout | Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfor gunicorn-web stdout | tran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', gunicorn-web stdout | 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'n gunicorn-web stdout | ame': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - gunicorn-web stdout | 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}}, 'package_vulnerabilities': {'1518': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1616': ['2837991', '2228820', '2007560', '1266677'], '1560': ['1540355', '983329', '982616'], '1638': ['1518586'], '1552': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1492': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1554': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1542': ['2837871', '2228777', '2007527', '1266440'], '1592': ['960172'], '1636': ['2499877'], '1186': ['960164'], '1630': ['2790153', '2112903', '1696964'], '1494': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1564': ['2114475'], '1528': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1522': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1558': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1534': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1586': ['2428498', '960182'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1594': ['2790713', '2259833', '1672464', '1523094'], '1588': ['2837900', '2228805', '2007548', '1266661'], '1580': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1488': ['2499829'], '1620': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1468': ['2764035', '1506477', '1357966'], '1460': ['2843395'], '1582': ['2121872', '1148585'], '1584': ['2790703', '2259827', '1672454', '1523087'], '1598': ['2499866'], '1532': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1562': ['456116'], '1576': ['2499856'], '1604': ['2609399', '2206787', '2005450', '439420'], '1498': ['2665338', '1988933', '1988914'], '1612': ['2499870'], '1514': ['2485497'], '1540': ['2499847'], '1512': ['2121322', '1148428'], '1622': ['2114483'], '1578': ['980572'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1450': ['2815552', '451117'], '1606': ['980580'], '1448': ['2499906'], '1544': ['2837880', '2228793', '2007536', '1266500'], '1618': ['2609409', '2206794', '2005452', '439426'], '1466': ['2120044', '1146399'], '1446': ['1516509'], '1508': ['980564'], '1602': ['1700452'], '1500': ['980557'], '1462': ['980539']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:41,996 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['64839d2b-ddf6-483e-a320-f8d7b00033ad']) gunicorn-web stdout | 2025-11-04 09:08:41,997 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,997 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:41,999 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:42,001 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:42,001 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'} gunicorn-web stdout | 2025-11-04 09:08:42,001 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,001 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,001 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,001 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,001 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,001 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,001 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,002 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,002 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,002 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:42,002 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:42,002 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:42,002 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:42,003 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090842Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:42,004 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090842Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 6377115fbfcb57be8c201292a4ee614b4c3f9940c4ef3fbc78985f7e4c28b939 gunicorn-web stdout | 2025-11-04 09:08:42,004 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 8072306e0499d092f90f58f2b714e6b86f888e130b0e389480651a5be48a1208 gunicorn-web stdout | 2025-11-04 09:08:42,004 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,004 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:42,004 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,004 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090842Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=8072306e0499d092f90f58f2b714e6b86f888e130b0e389480651a5be48a1208', 'amz-sdk-invocation-id': b'f759efe3-aba1-43aa-a13c-df8690d5b5bd', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:42,004 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:42,005 [247] [DEBUG] [app] Ending request: urn:request:7c6d54d2-d2da-414b-8dd6-15ab24a420f6 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:7c6d54d2-d2da-414b-8dd6-15ab24a420f6', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:42,005 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['f575e9f5-0cf3-43f0-8b1b-0f1457f07e69']) gunicorn-web stdout | 2025-11-04 09:08:42,005 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d2b6678e-4d11-4167-b4ca-83ed7b72ea7f']) gunicorn-web stdout | 2025-11-04 09:08:42,006 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:42,007 [249] [DEBUG] [app] Starting request: urn:request:8ece379b-27ce-44f6-beb3-d78663aab7bd (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:42,007 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,007 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,007 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:08:42,008 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,009 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:42,009 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:42,010 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:42,010 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'} gunicorn-web stdout | 2025-11-04 09:08:42,010 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:42,010 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,010 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,010 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,010 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,010 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'} gunicorn-web stdout | 2025-11-04 09:08:42,010 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,011 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:42,011 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,012 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,020 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:42,020 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:42,020 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.406 1824 0.406) gunicorn-web stdout | 2025-11-04 09:08:42,029 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,029 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:42,012 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,029 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:42,029 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:42,029 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:42,029 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,029 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:42,029 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,029 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,029 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,029 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090842Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:42,029 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090842Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 79a357e1c00029bcd05afd37450f92b5723673701fbc102b4022c2e80b9732d8 gunicorn-web stdout | 2025-11-04 09:08:42,029 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 01918f6948b8ecc47db19da63fec05a0e2c3340f0ccb29fc1d37c3e3d65f624e gunicorn-web stdout | 2025-11-04 09:08:42,029 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:42,029 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,030 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,030 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:42,030 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,030 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,030 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,030 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090842Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=01918f6948b8ecc47db19da63fec05a0e2c3340f0ccb29fc1d37c3e3d65f624e', 'amz-sdk-invocation-id': b'2911cb19-5b43-4db5-94b2-bbfd74124edb', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:42,030 [247] [DEBUG] [app] Starting request: urn:request:9d2fc22a-dccb-4030-b138-27c1b7951eb7 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:42,030 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:42,030 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,030 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,030 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:42,030 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,031 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,031 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:42,031 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090842Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:42,031 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,031 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090842Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | c459ac880c7c867344e315f9f08163de80763a1122340a3e5ae80d3e7865cf47 gunicorn-web stdout | 2025-11-04 09:08:42,031 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 60ef40aba4d88f7be291430df20927ddeb153a6bf028b1f91bb91662fddedd16 gunicorn-web stdout | 2025-11-04 09:08:42,031 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,031 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:42,031 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,032 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090842Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=60ef40aba4d88f7be291430df20927ddeb153a6bf028b1f91bb91662fddedd16', 'amz-sdk-invocation-id': b'7b629d5f-6a18-471e-8f76-c4ea167faf74', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:42,032 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:42,032 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:08:42,037 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,038 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,043 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:42,043 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:42,043 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,043 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:42,043 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,043 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,044 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,044 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,044 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,045 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,050 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,051 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,052 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,054 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,058 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,059 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,063 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,064 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,067 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,068 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,070 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 gunicorn-web stdout | 2025-11-04 09:08:42,070 [249] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19; calling loader gunicorn-web stdout | 2025-11-04 09:08:42,071 [249] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:08:42,071 [249] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 gunicorn-web stdout | 2025-11-04 09:08:42,072 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,072 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 HTTP/1.1" 200 1465 gunicorn-web stdout | 2025-11-04 09:08:42,072 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck046-2xk9kq-7zc', 'x-amz-id-2': 'mhkck046-2xk9kq-7zc', 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:42,072 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:42,073 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,073 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:42,073 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,073 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,073 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkck046-2xk9kq-7zc', 'HostId': 'mhkck046-2xk9kq-7zc', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck046-2xk9kq-7zc', 'x-amz-id-2': 'mhkck046-2xk9kq-7zc', 'etag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 14, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:42,074 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,076 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,077 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 HTTP/1.1" 200 1465 gunicorn-web stdout | 2025-11-04 09:08:42,077 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck05t-3x1ohu-ec9', 'x-amz-id-2': 'mhkck05t-3x1ohu-ec9', 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:42,077 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:42,078 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,078 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:42,078 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,078 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,079 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkck05t-3x1ohu-ec9', 'HostId': 'mhkck05t-3x1ohu-ec9', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck05t-3x1ohu-ec9', 'x-amz-id-2': 'mhkck05t-3x1ohu-ec9', 'etag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 7, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:42,080 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 1, 10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,080 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 HTTP/1.1" 200 1476 gunicorn-web stdout | 2025-11-04 09:08:42,080 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck05v-3y55qm-35f', 'x-amz-id-2': 'mhkck05v-3y55qm-35f', 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1476', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:42,081 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:42,080 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,081 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,081 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:42,081 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,081 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,081 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,082 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkck05v-3y55qm-35f', 'HostId': 'mhkck05v-3y55qm-35f', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck05v-3y55qm-35f', 'x-amz-id-2': 'mhkck05v-3y55qm-35f', 'etag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'content-type': 'application/octet-stream', 'content-length': '1476', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 52, tzinfo=tzutc()), 'ContentLength': 1476, 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:42,084 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,085 [249] [DEBUG] [app] Ending request: urn:request:1240732c-874b-4f87-a390-419a50f64254 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:1240732c-874b-4f87-a390-419a50f64254', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:42,085 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 gunicorn-web stdout | 2025-11-04 09:08:42,085 [247] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13; calling loader gunicorn-web stdout | 2025-11-04 09:08:42,085 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:42,085 [247] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:08:42,085 [247] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 gunicorn-web stdout | 2025-11-04 09:08:42,086 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 10, 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,086 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.154 1794 0.154) gunicorn-web stdout | 2025-11-04 09:08:42,089 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 10, 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,090 [248] [DEBUG] [app] Ending request: urn:request:ebfe26f2-ab3e-4bd0-9b71-d01769e55f0f (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:ebfe26f2-ab3e-4bd0-9b71-d01769e55f0f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:42,090 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:42,091 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.154 1794 0.154) gunicorn-web stdout | 2025-11-04 09:08:42,093 [246] [DEBUG] [app] Ending request: urn:request:a59656f1-afe7-423c-bab5-2433d6ac1b91 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:a59656f1-afe7-423c-bab5-2433d6ac1b91', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:42,094 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.157 1794 0.157) gunicorn-web stdout | 2025-11-04 09:08:42,094 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" manifestsubjectbackfillworker stdout | 2025-11-04 09:08:42,219 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:42,299 [249] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:08:42,304 [247] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:08:42,347 [247] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13: {'manifest_hash': 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'packages': {'1254': {'id': '1254', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1256': {'id': '1256', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1266': {'id': '1266', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1240': {'id': '1240', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'armhf'}, '1400': {'id': '1400', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1436': {'id': '1436', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'armhf'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1344': {'id': '1344', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1386': {'id': '1386', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1422': {'id': '1422', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1312': {'id': '1312', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1322': {'id': '1322', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1326': {'id': '1326', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1366': {'id': '1366', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1434': {'id': '1434', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1270': {'id': '1270', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'armhf'}, '1278': {'id': '1278', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1294': {'id': '1294', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'armhf'}, '1380': {'id': '1380', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1402': {'id': '1402', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1416': {'id': '1416', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1420': {'id': '1420', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1330': {'id': '1330', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1238': {'id': '1238', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1246': {'id': '1246', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1356': {'id': '1356', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1358': {'id': '1358', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1374': {'id': '1374', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1414': {'id': '1414', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1328': {'id': '1328', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1350': {'id': '1350', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1410': {'id': '1410', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1418': {'id': '1418', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1426': {'id': '1426', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1244': {'id': '1244', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1258': {'id': '1258', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'armhf'}, '1260': {'id': '1260', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1264': {'id': '1264', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1302': {'id': '1302', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1318': {'id': '1318', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'armhf'}, '1336': {'id': '1336', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1340': {'id': '1340', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1250': {'id': '1250', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1268': {'id': '1268', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1296': {'id': '1296', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1320': {'id': '1320', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1364': {'id': '1364', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1370': {'id': '1370', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1390': {'id': '1390', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1396': {'id': '1396', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1276': {'id': '1276', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1308': {'id': '1308', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'armhf'}, '1314': {'id': '1314', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1398': {'id': '1398', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1248': {'id': '1248', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1280': {'id': '1280', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1290': {'id': '1290', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1378': {'id': '1378', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'armhf'}, '1384': {'id': '1384', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'armhf'}, '1392': {'id': '1392', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1292': {'id': '1292', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1310': {'id': '1310', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1324': {'id': '1324', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1332': {'id': '1332', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1338': {'id': '1338', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1382': {'id': '1382', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1404': {'id': '1404', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1262': {'id': '1262', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1284': {'id': '1284', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1334': {'id': '1334', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1342': {'id': '1342', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1348': {'id': '1348', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'armhf'}, '1394': {'id': '1394', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'armhf'}, '1408': {'id': '1408', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'armhf'}, '1298': {'id': '1298', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1304': {'id': '1304', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1242': {'id': '1242', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'armhf'}, '1286': {'id': '1286', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1288': {'id': '1288', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'armhf'}, '1362': {'id': '1362', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1272': {'id': '1272', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1306': {'id': '1306', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1316': {'id': '1316', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1360': {'id': '1360', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'armhf'}, '1376': {'id': '1376', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1428': {'id': '1428', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1300': {'id': '1300', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'armhf'}, '1346': {'id': '1346', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1352': {'id': '1352', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1372': {'id': '1372', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'armhf'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1382': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1384': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1262': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1300': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1420': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1436': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1266': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1256': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1260': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1380': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1386': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1328': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1334': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1398': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1404': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1418': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1390': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1408': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1422': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1244': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1272': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1318': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1340': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1360': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1416': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1248': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1310': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1344': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1358': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1370': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1402': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1280': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1308': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1316': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1324': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1348': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1396': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1434': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1306': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1362': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1378': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1428': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1292': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1302': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1350': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1410': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1426': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1320': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1326': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1246': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1276': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1304': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1238': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1268': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1286': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1314': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1330': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1332': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1336': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1338': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1250': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1284': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1288': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1322': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1342': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1392': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1400': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1258': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1294': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1346': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1352': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1374': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1394': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1414': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1254': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1264': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1270': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1296': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1312': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1364': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1366': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1376': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1278': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1290': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1298': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1356': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1372': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubu gunicorn-web stdout | ntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix gunicorn-web stdout | the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo gunicorn-web stdout | subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304 gunicorn-web stdout | 2025-11-04 09:08:42,348 [249] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19: {'manifest_hash': 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'packages': {'1208': {'id': '1208', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1212': {'id': '1212', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1048': {'id': '1048', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1092': {'id': '1092', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'amd64'}, '1146': {'id': '1146', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'amd64'}, '1182': {'id': '1182', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'amd64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1058': {'id': '1058', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1066': {'id': '1066', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1102': {'id': '1102', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1138': {'id': '1138', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1156': {'id': '1156', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1192': {'id': '1192', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'amd64'}, '1206': {'id': '1206', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'amd64'}, '1078': {'id': '1078', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1098': {'id': '1098', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'amd64'}, '1110': {'id': '1110', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1142': {'id': '1142', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1160': {'id': '1160', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1168': {'id': '1168', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1180': {'id': '1180', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1088': {'id': '1088', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1090': {'id': '1090', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1108': {'id': '1108', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1116': {'id': '1116', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'amd64'}, '1128': {'id': '1128', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1154': {'id': '1154', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1178': {'id': '1178', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1198': {'id': '1198', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1038': {'id': '1038', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'amd64'}, '1118': {'id': '1118', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1124': {'id': '1124', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1134': {'id': '1134', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1144': {'id': '1144', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1164': {'id': '1164', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1216': {'id': '1216', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1064': {'id': '1064', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1084': {'id': '1084', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1120': {'id': '1120', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1234': {'id': '1234', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'amd64'}, '1060': {'id': '1060', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1218': {'id': '1218', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1224': {'id': '1224', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1094': {'id': '1094', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1122': {'id': '1122', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1086': {'id': '1086', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'amd64'}, '1042': {'id': '1042', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1056': {'id': '1056', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'amd64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1074': {'id': '1074', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1150': {'id': '1150', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1200': {'id': '1200', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1202': {'id': '1202', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1052': {'id': '1052', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1082': {'id': '1082', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1096': {'id': '1096', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1100': {'id': '1100', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1196': {'id': '1196', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1070': {'id': '1070', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1104': {'id': '1104', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1172': {'id': '1172', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1174': {'id': '1174', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1184': {'id': '1184', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1190': {'id': '1190', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1226': {'id': '1226', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1232': {'id': '1232', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1112': {'id': '1112', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1114': {'id': '1114', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1136': {'id': '1136', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1158': {'id': '1158', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'amd64'}, '1214': {'id': '1214', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1046': {'id': '1046', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1062': {'id': '1062', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1106': {'id': '1106', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'amd64'}, '1162': {'id': '1162', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1036': {'id': '1036', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1054': {'id': '1054', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1076': {'id': '1076', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1130': {'id': '1130', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1148': {'id': '1148', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1220': {'id': '1220', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1044': {'id': '1044', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1140': {'id': '1140', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1170': {'id': '1170', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1176': {'id': '1176', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'amd64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1040': {'id': '1040', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'amd64'}, '1068': {'id': '1068', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'amd64'}, '1126': {'id': '1126', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1132': {'id': '1132', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1188': {'id': '1188', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1194': {'id': '1194', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1212': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1174': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1058': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1042': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1036': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1160': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1218': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1194': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1088': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.1 gunicorn-web stdout | ` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its sta gunicorn-web stdout | 9.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'dis gunicorn-web stdout | ndard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 gunicorn-web stdout | tribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'desc gunicorn-web stdout | - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}}, 'package_vulnerabilities': {'1296': ['2665338', '1988933', '1988914'], '1378': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1380': ['2121872', '1148585'], '1418': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1266': ['2764035', '1506477', '1357966'], '1428': ['2790153', '2112903', '1696964'], '1392': ['2790713', '2259833', '1672464', '1523094'], '1356': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1244': ['1516509'], '1436': ['1518586'], '1260': ['980539'], '1416': ['2609409', '2206794', '2005452', '439426'], '1292': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1358': ['1540355', '983329', '982616'], '1312': ['2485497'], '1384': ['2428498', '960182'], '1402': ['2609399', '2206787', '2005450', '439420'], '1400': ['1700452'], '1248': ['2815552', '451117'], '1386': ['2837900', '2228805', '2007548', '1266661'], '1376': ['980572'], '1420': ['2114483'], '1396': ['2499866'], '1362': ['2114475'], '1298': ['980557'], '1316': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1374': ['2499856'], '1404': ['980580'], '1246': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1414': ['2837991', '2228820', '2007560', '1266677'], '1350': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1434': ['2499877'], '1330': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1382': ['2790703', '2259827', '1672454', '1523087'], '1290': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1264': ['2120044', '1146399'], '1186': ['960164'], '1390': ['960172'], '1310': ['2121322', '1148428'], '1258': ['2843395'], '1306': ['980564'], '1342': ['2837880', '2228793', '2007536', '1266500'], '1286': ['2499829'], '1320': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1360': ['456116'], '1326': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1410': ['2499870'], '1332': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1338': ['2499847'], '1352': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1340': ['2837871', '2228777', '2007527', '1266440']}, 'enrichments': {}} gunicorn-web stdout | ription': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_co gunicorn-web stdout | de_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ' gunicorn-web stdout | 0:2.35-0ubuntu3.5'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', ' gunicorn-web stdout | version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p gunicorn-web stdout | ` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}}, 'package_vulnerabilities': {'1190': ['2790713', '2259833', '1672464', '1523094'], '1056': ['2843395'], '1062': ['2120044', '1146399'], '1216': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1234': ['1518586'], '1186': ['960164'], '1184': ['2837900', '2228805', '2007548', '1266661'], '1174': ['980572'], '1130': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1044': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1182': ['2428498', '960182'], '1180': ['2790703', '2259827', '1672454', '1523087'], '1090': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1118': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1140': ['2837880', '2228793', '2007536', '1266500'], '1110': ['2485497'], '1208': ['2499870'], '1156': ['1540355', '983329', '982616'], '1154': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1232': ['2499877'], '1226': ['2790153', '2112903', '1696964'], '1202': ['980580'], '1198': ['1700452'], '1046': ['2815552', '451117'], '1058': ['980539'], '1128': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1108': ['2121322', '1148428'], '1124': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1104': ['980564'], '1158': ['456116'], '1194': ['2499866'], '1218': ['2114483'], '1172': ['2499856'], '1064': ['2764035', '1506477', '1357966'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1160': ['2114475'], '1042': ['1516509'], '1114': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1136': ['2499847'], '1176': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1148': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1200': ['2609399', '2206787', '2005450', '439420'], '1188': ['960172'], '1178': ['2121872', '1148585'], '1096': ['980557'], '1214': ['2609409', '2206794', '2005452', '439426'], '1088': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1094': ['2665338', '1988933', '1988914'], '1212': ['2837991', '2228820', '2007560', '1266677'], '1138': ['2837871', '2228777', '2007527', '1266440'], '1084': ['2499829'], '1150': ['2854573', '2836745', '2485520', '2418389', '1257888']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:42,358 [247] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 with expiration {'manifest_hash': 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'packages': {'1254': {'id': '1254', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1256': {'id': '1256', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1266': {'id': '1266', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1240': {'id': '1240', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'armhf'}, '1400': {'id': '1400', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1436': {'id': '1436', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'armhf'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1344': {'id': '1344', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1386': {'id': '1386', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1422': {'id': '1422', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1312': {'id': '1312', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1322': {'id': '1322', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1326': {'id': '1326', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1366': {'id': '1366', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1434': {'id': '1434', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1270': {'id': '1270', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'armhf'}, '1278': {'id': '1278', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1294': {'id': '1294', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'armhf'}, '1380': {'id': '1380', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1402': {'id': '1402', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1416': {'id': '1416', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1420': {'id': '1420', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1330': {'id': '1330', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1238': {'id': '1238', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1246': {'id': '1246', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1356': {'id': '1356', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1358': {'id': '1358', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1374': {'id': '1374', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1414': {'id': '1414', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1328': {'id': '1328', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1350': {'id': '1350', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1410': {'id': '1410', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1418': {'id': '1418', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1426': {'id': '1426', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1244': {'id': '1244', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1258': {'id': '1258', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'armhf'}, '1260': {'id': '1260', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1264': {'id': '1264', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1302': {'id': '1302', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1318': {'id': '1318', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'armhf'}, '1336': {'id': '1336', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1340': {'id': '1340', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1250': {'id': '1250', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1268': {'id': '1268', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1296': {'id': '1296', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1320': {'id': '1320', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1364': {'id': '1364', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1370': {'id': '1370', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1390': {'id': '1390', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1396': {'id': '1396', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1276': {'id': '1276', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1308': {'id': '1308', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'armhf'}, '1314': {'id': '1314', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1398': {'id': '1398', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1248': {'id': '1248', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1280': {'id': '1280', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1290': {'id': '1290', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1378': {'id': '1378', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'armhf'}, '1384': {'id': '1384', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'armhf'}, '1392': {'id': '1392', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1292': {'id': '1292', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1310': {'id': '1310', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1324': {'id': '1324', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1332': {'id': '1332', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1338': {'id': '1338', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1382': {'id': '1382', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1404': {'id': '1404', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1262': {'id': '1262', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1284': {'id': '1284', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1334': {'id': '1334', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1342': {'id': '1342', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1348': {'id': '1348', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'armhf'}, '1394': {'id': '1394', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'armhf'}, '1408': {'id': '1408', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'armhf'}, '1298': {'id': '1298', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1304': {'id': '1304', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1242': {'id': '1242', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'armhf'}, '1286': {'id': '1286', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1288': {'id': '1288', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'armhf'}, '1362': {'id': '1362', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1272': {'id': '1272', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1306': {'id': '1306', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1316': {'id': '1316', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1360': {'id': '1360', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'armhf'}, '1376': {'id': '1376', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1428': {'id': '1428', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1300': {'id': '1300', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'armhf'}, '1346': {'id': '1346', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1352': {'id': '1352', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1372': {'id': '1372', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'armhf'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1382': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1384': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1262': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1300': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1420': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1436': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1266': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1256': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1260': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1380': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1386': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1328': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1334': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1398': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1404': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1418': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1390': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1408': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1422': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1244': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1272': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1318': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1340': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1360': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1416': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1248': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1310': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1344': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1358': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1370': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1402': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1280': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1308': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1316': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1324': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1348': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1396': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1434': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1306': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1362': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1378': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1428': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1292': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1302': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1350': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1410': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1426': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1320': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1326': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1246': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1276': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1304': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1238': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1268': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1286': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1314': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1330': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1332': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1336': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1338': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1250': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1284': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1288': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1322': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1342': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1392': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1400': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1258': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1294': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1346': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1352': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1374': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1394': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1414': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1254': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1264': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1270': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1296': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1312': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1364': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1366': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1376': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1278': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1290': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1298': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1356': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1372': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32 gunicorn-web stdout | asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE- gunicorn-web stdout | 2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2. gunicorn-web stdout | 37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pr gunicorn-web stdout | 2025-11-04 09:08:42,362 [249] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 with expiration {'manifest_hash': 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'packages': {'1208': {'id': '1208', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1212': {'id': '1212', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1048': {'id': '1048', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1092': {'id': '1092', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'amd64'}, '1146': {'id': '1146', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'amd64'}, '1182': {'id': '1182', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'amd64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1058': {'id': '1058', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1066': {'id': '1066', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1102': {'id': '1102', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1138': {'id': '1138', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1156': {'id': '1156', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1192': {'id': '1192', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'amd64'}, '1206': {'id': '1206', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'amd64'}, '1078': {'id': '1078', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1098': {'id': '1098', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'amd64'}, '1110': {'id': '1110', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1142': {'id': '1142', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1160': {'id': '1160', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1168': {'id': '1168', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1180': {'id': '1180', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1088': {'id': '1088', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1090': {'id': '1090', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1108': {'id': '1108', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1116': {'id': '1116', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'amd64'}, '1128': {'id': '1128', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1154': {'id': '1154', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1178': {'id': '1178', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1198': {'id': '1198', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1038': {'id': '1038', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'amd64'}, '1118': {'id': '1118', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1124': {'id': '1124', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1134': {'id': '1134', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1144': {'id': '1144', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1164': {'id': '1164', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1216': {'id': '1216', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1064': {'id': '1064', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1084': {'id': '1084', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1120': {'id': '1120', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1234': {'id': '1234', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'amd64'}, '1060': {'id': '1060', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1218': {'id': '1218', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1224': {'id': '1224', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1094': {'id': '1094', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1122': {'id': '1122', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1086': {'id': '1086', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'amd64'}, '1042': {'id': '1042', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1056': {'id': '1056', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'amd64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1074': {'id': '1074', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1150': {'id': '1150', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1200': {'id': '1200', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1202': {'id': '1202', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1052': {'id': '1052', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1082': {'id': '1082', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1096': {'id': '1096', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1100': {'id': '1100', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1196': {'id': '1196', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1070': {'id': '1070', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1104': {'id': '1104', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1172': {'id': '1172', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1174': {'id': '1174', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1184': {'id': '1184', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1190': {'id': '1190', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1226': {'id': '1226', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1232': {'id': '1232', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1112': {'id': '1112', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1114': {'id': '1114', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1136': {'id': '1136', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1158': {'id': '1158', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'amd64'}, '1214': {'id': '1214', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1046': {'id': '1046', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1062': {'id': '1062', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1106': {'id': '1106', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'amd64'}, '1162': {'id': '1162', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1036': {'id': '1036', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1054': {'id': '1054', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1076': {'id': '1076', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1130': {'id': '1130', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1148': {'id': '1148', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1220': {'id': '1220', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1044': {'id': '1044', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1140': {'id': '1140', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1170': {'id': '1170', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1176': {'id': '1176', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'amd64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1040': {'id': '1040', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'amd64'}, '1068': {'id': '1068', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'amd64'}, '1126': {'id': '1126', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1132': {'id': '1132', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1188': {'id': '1188', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1194': {'id': '1194', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1212': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1174': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1058': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1042': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1036': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1160': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1218': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1194': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1088': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibka gunicorn-web stdout | dm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kin gunicorn-web stdout | o fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending ch gunicorn-web stdout | d': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jamm gunicorn-web stdout | aracters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0. gunicorn-web stdout | y) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version gunicorn-web stdout | 6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}}, 'package_vulnerabilities': {'1296': ['2665338', '1988933', '1988914'], '1378': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1380': ['2121872', '1148585'], '1418': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1266': ['2764035', '1506477', '1357966'], '1428': ['2790153', '2112903', '1696964'], '1392': ['2790713', '2259833', '1672464', '1523094'], '1356': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1244': ['1516509'], '1436': ['1518586'], '1260': ['980539'], '1416': ['2609409', '2206794', '2005452', '439426'], '1292': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1358': ['1540355', '983329', '982616'], '1312': ['2485497'], '1384': ['2428498', '960182'], '1402': ['2609399', '2206787', '2005450', '439420'], '1400': ['1700452'], '1248': ['2815552', '451117'], '1386': ['2837900', '2228805', '2007548', '1266661'], '1376': ['980572'], '1420': ['2114483'], '1396': ['2499866'], '1362': ['2114475'], '1298': ['980557'], '1316': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1374': ['2499856'], '1404': ['980580'], '1246': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1414': ['2837991', '2228820', '2007560', '1266677'], '1350': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1434': ['2499877'], '1330': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1382': ['2790703', '2259827', '1672454', '1523087'], '1290': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1264': ['2120044', '1146399'], '1186': ['960164'], '1390': ['960172'], '1310': ['2121322', '1148428'], '1258': ['2843395'], '1306': ['980564'], '1342': ['2837880', '2228793', '2007536', '1266500'], '1286': ['2499829'], '1320': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1360': ['456116'], '1326': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1410': ['2499870'], '1332': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1338': ['2499847'], '1352': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1340': ['2837871', '2228777', '2007527', '1266440']}, 'enrichments': {}}: 300s gunicorn-web stdout | _id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'f gunicorn-web stdout | ixed_in_version': '0:2.35-0ubuntu3.5'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'na gunicorn-web stdout | me': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtim gunicorn-web stdout | eif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}}, 'package_vulnerabilities': {'1190': ['2790713', '2259833', '1672464', '1523094'], '1056': ['2843395'], '1062': ['2120044', '1146399'], '1216': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1234': ['1518586'], '1186': ['960164'], '1184': ['2837900', '2228805', '2007548', '1266661'], '1174': ['980572'], '1130': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1044': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1182': ['2428498', '960182'], '1180': ['2790703', '2259827', '1672454', '1523087'], '1090': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1118': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1140': ['2837880', '2228793', '2007536', '1266500'], '1110': ['2485497'], '1208': ['2499870'], '1156': ['1540355', '983329', '982616'], '1154': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1232': ['2499877'], '1226': ['2790153', '2112903', '1696964'], '1202': ['980580'], '1198': ['1700452'], '1046': ['2815552', '451117'], '1058': ['980539'], '1128': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1108': ['2121322', '1148428'], '1124': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1104': ['980564'], '1158': ['456116'], '1194': ['2499866'], '1218': ['2114483'], '1172': ['2499856'], '1064': ['2764035', '1506477', '1357966'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1160': ['2114475'], '1042': ['1516509'], '1114': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1136': ['2499847'], '1176': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1148': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1200': ['2609399', '2206787', '2005450', '439420'], '1188': ['960172'], '1178': ['2121872', '1148585'], '1096': ['980557'], '1214': ['2609409', '2206794', '2005452', '439426'], '1088': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1094': ['2665338', '1988933', '1988914'], '1212': ['2837991', '2228820', '2007560', '1266677'], '1138': ['2837871', '2228777', '2007527', '1266440'], '1084': ['2499829'], '1150': ['2854573', '2836745', '2485520', '2418389', '1257888']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:42,377 [249] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 with expiration {'manifest_hash': 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'packages': {'1208': {'id': '1208', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1212': {'id': '1212', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1048': {'id': '1048', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1092': {'id': '1092', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'amd64'}, '1146': {'id': '1146', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'amd64'}, '1182': {'id': '1182', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'amd64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1058': {'id': '1058', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1066': {'id': '1066', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1102': {'id': '1102', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1138': {'id': '1138', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1156': {'id': '1156', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1192': {'id': '1192', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'amd64'}, '1206': {'id': '1206', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'amd64'}, '1078': {'id': '1078', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1098': {'id': '1098', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'amd64'}, '1110': {'id': '1110', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1142': {'id': '1142', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1160': {'id': '1160', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1168': {'id': '1168', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1180': {'id': '1180', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1088': {'id': '1088', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1090': {'id': '1090', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1108': {'id': '1108', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1116': {'id': '1116', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'amd64'}, '1128': {'id': '1128', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1154': {'id': '1154', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1178': {'id': '1178', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1198': {'id': '1198', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1038': {'id': '1038', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'amd64'}, '1118': {'id': '1118', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1124': {'id': '1124', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1134': {'id': '1134', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1144': {'id': '1144', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1164': {'id': '1164', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1216': {'id': '1216', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1064': {'id': '1064', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1084': {'id': '1084', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1120': {'id': '1120', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1234': {'id': '1234', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'amd64'}, '1060': {'id': '1060', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1218': {'id': '1218', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1224': {'id': '1224', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1094': {'id': '1094', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1122': {'id': '1122', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1086': {'id': '1086', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'amd64'}, '1042': {'id': '1042', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1056': {'id': '1056', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'amd64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1074': {'id': '1074', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1150': {'id': '1150', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1200': {'id': '1200', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1202': {'id': '1202', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1052': {'id': '1052', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1082': {'id': '1082', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1096': {'id': '1096', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1100': {'id': '1100', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1196': {'id': '1196', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1070': {'id': '1070', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1104': {'id': '1104', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1172': {'id': '1172', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1174': {'id': '1174', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1184': {'id': '1184', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1190': {'id': '1190', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1226': {'id': '1226', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1232': {'id': '1232', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1112': {'id': '1112', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1114': {'id': '1114', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1136': {'id': '1136', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1158': {'id': '1158', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'amd64'}, '1214': {'id': '1214', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1046': {'id': '1046', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1062': {'id': '1062', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1106': {'id': '1106', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'amd64'}, '1162': {'id': '1162', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1036': {'id': '1036', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1054': {'id': '1054', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1076': {'id': '1076', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1130': {'id': '1130', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1148': {'id': '1148', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1220': {'id': '1220', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1044': {'id': '1044', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1140': {'id': '1140', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1170': {'id': '1170', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1176': {'id': '1176', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'amd64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1040': {'id': '1040', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'amd64'}, '1068': {'id': '1068', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'amd64'}, '1126': {'id': '1126', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1132': {'id': '1132', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1188': {'id': '1188', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1194': {'id': '1194', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1212': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1174': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1058': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1042': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1036': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1160': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1218': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1194': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1088': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkad gunicorn-web stdout | m5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind gunicorn-web stdout | ': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy gunicorn-web stdout | 2025-11-04 09:08:42,377 [247] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 with expiration {'manifest_hash': 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'packages': {'1254': {'id': '1254', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1256': {'id': '1256', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1266': {'id': '1266', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1240': {'id': '1240', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'armhf'}, '1400': {'id': '1400', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1436': {'id': '1436', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'armhf'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1344': {'id': '1344', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1386': {'id': '1386', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1422': {'id': '1422', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1312': {'id': '1312', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1322': {'id': '1322', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1326': {'id': '1326', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1366': {'id': '1366', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1434': {'id': '1434', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1270': {'id': '1270', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'armhf'}, '1278': {'id': '1278', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1294': {'id': '1294', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'armhf'}, '1380': {'id': '1380', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1402': {'id': '1402', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1416': {'id': '1416', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1420': {'id': '1420', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1330': {'id': '1330', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1238': {'id': '1238', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1246': {'id': '1246', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1356': {'id': '1356', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1358': {'id': '1358', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1374': {'id': '1374', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1414': {'id': '1414', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1328': {'id': '1328', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1350': {'id': '1350', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1410': {'id': '1410', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1418': {'id': '1418', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1426': {'id': '1426', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1244': {'id': '1244', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1258': {'id': '1258', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'armhf'}, '1260': {'id': '1260', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1264': {'id': '1264', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1302': {'id': '1302', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1318': {'id': '1318', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'armhf'}, '1336': {'id': '1336', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1340': {'id': '1340', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1250': {'id': '1250', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1268': {'id': '1268', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1296': {'id': '1296', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1320': {'id': '1320', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1364': {'id': '1364', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1370': {'id': '1370', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1390': {'id': '1390', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1396': {'id': '1396', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1276': {'id': '1276', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1308': {'id': '1308', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'armhf'}, '1314': {'id': '1314', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1398': {'id': '1398', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1248': {'id': '1248', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1280': {'id': '1280', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1290': {'id': '1290', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1378': {'id': '1378', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'armhf'}, '1384': {'id': '1384', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'armhf'}, '1392': {'id': '1392', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1292': {'id': '1292', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1310': {'id': '1310', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1324': {'id': '1324', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1332': {'id': '1332', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1338': {'id': '1338', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1382': {'id': '1382', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1404': {'id': '1404', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1262': {'id': '1262', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1284': {'id': '1284', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1334': {'id': '1334', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1342': {'id': '1342', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1348': {'id': '1348', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'armhf'}, '1394': {'id': '1394', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'armhf'}, '1408': {'id': '1408', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'armhf'}, '1298': {'id': '1298', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1304': {'id': '1304', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1242': {'id': '1242', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'armhf'}, '1286': {'id': '1286', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1288': {'id': '1288', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'armhf'}, '1362': {'id': '1362', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1272': {'id': '1272', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1306': {'id': '1306', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1316': {'id': '1316', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1360': {'id': '1360', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'armhf'}, '1376': {'id': '1376', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1428': {'id': '1428', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1300': {'id': '1300', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'armhf'}, '1346': {'id': '1346', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1352': {'id': '1352', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1372': {'id': '1372', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'armhf'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1382': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1384': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1262': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1300': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1420': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1436': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1266': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1256': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1260': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1380': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1386': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1328': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1334': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1398': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1404': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1418': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1390': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1408': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1422': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1244': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1272': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1318': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1340': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1360': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1416': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1248': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1310': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1344': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1358': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1370': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1402': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1280': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1308': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1316': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1324': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1348': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1396': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1434': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1306': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1362': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1378': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1428': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1292': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1302': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1350': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1410': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1426': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1320': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1326': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1246': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1276': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1304': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1238': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1268': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1286': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1314': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1330': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1332': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1336': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1338': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1250': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1284': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1288': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1322': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1342': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1392': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1400': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1258': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1294': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1346': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1352': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1374': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1394': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1414': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1254': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1264': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1270': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1296': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1312': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1364': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1366': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1376': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1278': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1290': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1298': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1356': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1372': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32a gunicorn-web stdout | ) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_ gunicorn-web stdout | san6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2 gunicorn-web stdout | id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remo gunicorn-web stdout | 024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.3 gunicorn-web stdout | te logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LT gunicorn-web stdout | 7.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro gunicorn-web stdout | S (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}}, 'package_vulnerabilities': {'1190': ['2790713', '2259833', '1672464', '1523094'], '1056': ['2843395'], '1062': ['2120044', '1146399'], '1216': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1234': ['1518586'], '1186': ['960164'], '1184': ['2837900', '2228805', '2007548', '1266661'], '1174': ['980572'], '1130': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1044': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1182': ['2428498', '960182'], '1180': ['2790703', '2259827', '1672454', '1523087'], '1090': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1118': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1140': ['2837880', '2228793', '2007536', '1266500'], '1110': ['2485497'], '1208': ['2499870'], '1156': ['1540355', '983329', '982616'], '1154': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1232': ['2499877'], '1226': ['2790153', '2112903', '1696964'], '1202': ['980580'], '1198': ['1700452'], '1046': ['2815552', '451117'], '1058': ['980539'], '1128': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1108': ['2121322', '1148428'], '1124': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1104': ['980564'], '1158': ['456116'], '1194': ['2499866'], '1218': ['2114483'], '1172': ['2499856'], '1064': ['2764035', '1506477', '1357966'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1160': ['2114475'], '1042': ['1516509'], '1114': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1136': ['2499847'], '1176': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1148': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1200': ['2609399', '2206787', '2005450', '439420'], '1188': ['960172'], '1178': ['2121872', '1148585'], '1096': ['980557'], '1214': ['2609409', '2206794', '2005452', '439426'], '1088': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1094': ['2665338', '1988933', '1988914'], '1212': ['2837991', '2228820', '2007560', '1266677'], '1138': ['2837871', '2228777', '2007527', '1266440'], '1084': ['2499829'], '1150': ['2854573', '2836745', '2485520', '2418389', '1257888']}, 'enrichments': {}}: 300s gunicorn-web stdout | fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CV gunicorn-web stdout | E-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249. gunicorn-web stdout | 11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found gunicorn-web stdout | in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}}, 'package_vulnerabilities': {'1296': ['2665338', '1988933', '1988914'], '1378': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1380': ['2121872', '1148585'], '1418': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1266': ['2764035', '1506477', '1357966'], '1428': ['2790153', '2112903', '1696964'], '1392': ['2790713', '2259833', '1672464', '1523094'], '1356': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1244': ['1516509'], '1436': ['1518586'], '1260': ['980539'], '1416': ['2609409', '2206794', '2005452', '439426'], '1292': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1358': ['1540355', '983329', '982616'], '1312': ['2485497'], '1384': ['2428498', '960182'], '1402': ['2609399', '2206787', '2005450', '439420'], '1400': ['1700452'], '1248': ['2815552', '451117'], '1386': ['2837900', '2228805', '2007548', '1266661'], '1376': ['980572'], '1420': ['2114483'], '1396': ['2499866'], '1362': ['2114475'], '1298': ['980557'], '1316': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1374': ['2499856'], '1404': ['980580'], '1246': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1414': ['2837991', '2228820', '2007560', '1266677'], '1350': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1434': ['2499877'], '1330': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1382': ['2790703', '2259827', '1672454', '1523087'], '1290': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1264': ['2120044', '1146399'], '1186': ['960164'], '1390': ['960172'], '1310': ['2121322', '1148428'], '1258': ['2843395'], '1306': ['980564'], '1342': ['2837880', '2228793', '2007536', '1266500'], '1286': ['2499829'], '1320': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1360': ['456116'], '1326': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1410': ['2499870'], '1332': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1338': ['2499847'], '1352': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1340': ['2837871', '2228777', '2007527', '1266440']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:42,398 [249] [DEBUG] [app] Ending request: urn:request:8ece379b-27ce-44f6-beb3-d78663aab7bd (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:8ece379b-27ce-44f6-beb3-d78663aab7bd', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:42,399 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:42,400 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.462 1824 0.461) gunicorn-web stdout | 2025-11-04 09:08:42,403 [247] [DEBUG] [app] Ending request: urn:request:9d2fc22a-dccb-4030-b138-27c1b7951eb7 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:9d2fc22a-dccb-4030-b138-27c1b7951eb7', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:42,404 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:42,405 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.376 1824 0.376) gunicorn-web stdout | 2025-11-04 09:08:42,416 [249] [DEBUG] [app] Starting request: urn:request:4e2ea02c-7dc3-4971-96ef-91afc9409c1f (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:42,416 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,416 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,417 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,425 [248] [DEBUG] [app] Starting request: urn:request:92c2a6d6-8748-4534-b404-3661fd675be0 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:42,425 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,425 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,426 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,429 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:42,429 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:42,429 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,429 [247] [DEBUG] [app] Starting request: urn:request:27eb770d-5cd6-4688-b044-796c26ece530 (/api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:42,430 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:42,430 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,430 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,430 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,430 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,430 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,430 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,431 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,431 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,437 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,437 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:42,437 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:42,437 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,438 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:42,438 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,438 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,438 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,438 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,438 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,439 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,443 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:42,443 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:42,443 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,444 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:42,444 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,444 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,444 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,444 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,444 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,445 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,445 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,446 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,449 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,451 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,451 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,452 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,452 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,455 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,456 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,458 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,459 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247322459, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,459 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,462 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,463 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,464 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247322464, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,466 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247322465, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,466 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,468 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,469 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,471 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247322470, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,473 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."repository_id", "t2"."digest", "t2"."media_type_id", "t2"."manifest_bytes", "t2"."config_media_type", "t2"."layers_compressed_size", "t2"."subject", "t2"."subject_backfilled", "t2"."artifact_type", "t2"."artifact_type_backfilled" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."name" = %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'ubuntu', None, 1762247322472, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,473 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,475 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,477 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['3ba345dd-d3e5-49bf-92a4-9f3634520db3']) gunicorn-web stdout | 2025-11-04 09:08:42,477 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."tag_name", "t1"."tag_pull_count", "t1"."last_tag_pull_date", "t1"."current_manifest_digest" FROM "tagpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."tag_name" = %s)) LIMIT %s OFFSET %s', [10, 'ubuntu', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,480 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,480 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:42,480 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [10, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,481 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:42,481 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'} gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:42,482 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:42,483 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,483 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,483 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,483 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:42,483 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,483 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,483 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,483 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,484 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."manifest_digest", "t1"."manifest_pull_count", "t1"."last_manifest_pull_date" FROM "manifestpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."manifest_digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,484 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:42,484 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090842Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:42,484 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090842Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 18915eece134a60b78e4d370f61833ec114ccd59a4a35378df6ca37bb1b174c5 gunicorn-web stdout | 2025-11-04 09:08:42,484 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 9c1312f20a279b914f204b72e6b2b47fc605277a50245573cca0c112c4870a1c gunicorn-web stdout | 2025-11-04 09:08:42,484 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['c3748d9b-83f1-4f7e-a201-a59de1165e5d']) gunicorn-web stdout | 2025-11-04 09:08:42,484 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,484 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:42,484 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,484 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090842Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=9c1312f20a279b914f204b72e6b2b47fc605277a50245573cca0c112c4870a1c', 'amz-sdk-invocation-id': b'4cede32d-7092-4f35-89b3-16ffd6d26cfe', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:42,485 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:42,487 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [10, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,488 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:08:42,489 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:08:42,489 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'} gunicorn-web stdout | 2025-11-04 09:08:42,489 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,489 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,489 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:08:42,490 [247] [DEBUG] [app] Ending request: urn:request:27eb770d-5cd6-4688-b044-796c26ece530 (/api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics) {'endpoint': 'api.repositorytagpullstatistics', 'request_id': 'urn:request:27eb770d-5cd6-4688-b044-796c26ece530', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics', 'path': '/api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,490 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090842Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090842Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | d2fff07cb09ccb09a096559ad6d46ab8d0c0d99f49abde40d30f298dd64bdae2 gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | f360a7c0bb7c265b8b1ff556bb31a1bce3914423daea556046103e5d9771a98c gunicorn-web stdout | 2025-11-04 09:08:42,491 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090842Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=f360a7c0bb7c265b8b1ff556bb31a1bce3914423daea556046103e5d9771a98c', 'amz-sdk-invocation-id': b'b3e74a93-86d8-4dc9-bcc7-114c5d284e21', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:08:42,491 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics HTTP/1.0" 200 291 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics HTTP/1.1" 200 291 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.063 1740 0.063) gunicorn-web stdout | 2025-11-04 09:08:42,491 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:08:42,500 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf HTTP/1.1" 200 1478 gunicorn-web stdout | 2025-11-04 09:08:42,501 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck0hi-avgtwz-1amk', 'x-amz-id-2': 'mhkck0hi-avgtwz-1amk', 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1478', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:42,501 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:42,501 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,501 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:42,501 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,501 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,502 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkck0hi-avgtwz-1amk', 'HostId': 'mhkck0hi-avgtwz-1amk', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck0hi-avgtwz-1amk', 'x-amz-id-2': 'mhkck0hi-avgtwz-1amk', 'etag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'content-type': 'application/octet-stream', 'content-length': '1478', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 58, tzinfo=tzutc()), 'ContentLength': 1478, 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:42,503 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,505 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 HTTP/1.1" 200 1461 gunicorn-web stdout | 2025-11-04 09:08:42,505 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck0ho-az7iba-pmz', 'x-amz-id-2': 'mhkck0ho-az7iba-pmz', 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1461', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:08:42,505 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:08:42,505 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:08:42,505 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:08:42,505 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,506 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:08:42,506 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkck0ho-az7iba-pmz', 'HostId': 'mhkck0ho-az7iba-pmz', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkck0ho-az7iba-pmz', 'x-amz-id-2': 'mhkck0ho-az7iba-pmz', 'etag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'content-type': 'application/octet-stream', 'content-length': '1461', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:08:42 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 21, tzinfo=tzutc()), 'ContentLength': 1461, 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:08:42,507 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 10, 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,507 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,511 [249] [DEBUG] [app] Ending request: urn:request:4e2ea02c-7dc3-4971-96ef-91afc9409c1f (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:4e2ea02c-7dc3-4971-96ef-91afc9409c1f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:42,511 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 10, 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,512 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:42,512 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.097 1794 0.097) gunicorn-web stdout | 2025-11-04 09:08:42,517 [248] [DEBUG] [app] Ending request: urn:request:92c2a6d6-8748-4534-b404-3661fd675be0 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:92c2a6d6-8748-4534-b404-3661fd675be0', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:42,517 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:42,518 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:42 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.093 1794 0.093) gunicorn-web stdout | 2025-11-04 09:08:42,844 [247] [DEBUG] [app] Starting request: urn:request:cf30e49a-4de4-40ca-8695-10a89d5e598a (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:42,844 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,844 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,845 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,852 [246] [DEBUG] [app] Starting request: urn:request:529cd102-ed1a-498d-9b16-913e2cae5dfc (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:42,852 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,852 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,853 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,857 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:42,857 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:42,857 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,858 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:42,858 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,858 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,858 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,858 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,859 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,864 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:42,864 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:42,864 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,864 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:42,864 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:42,865 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,865 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,865 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,865 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,866 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,866 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,871 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:42,872 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,872 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:42,877 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,878 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,881 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,884 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,884 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,887 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,888 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,891 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,891 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,894 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,895 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 gunicorn-web stdout | 2025-11-04 09:08:42,895 [247] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284; calling loader gunicorn-web stdout | 2025-11-04 09:08:42,895 [247] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:08:42,895 [247] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 gunicorn-web stdout | 2025-11-04 09:08:42,898 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:42,901 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f gunicorn-web stdout | 2025-11-04 09:08:42,902 [246] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f; calling loader gunicorn-web stdout | 2025-11-04 09:08:42,902 [246] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:08:42,902 [246] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f pullstatsredisflushworker stdout | 2025-11-04 09:08:42,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:08:42,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:12.952336+00:00 (in 29.999573 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:08:42,952 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:12 GMT)" (scheduled at 2025-11-04 09:08:42.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:08:42,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:08:42,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:08:42,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:12 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:43,001 [247] [DEBUG] [app] Starting request: urn:request:57f2dcb0-fe52-40d5-99d8-1556a8f89250 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:08:43,001 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:43,001 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:43,002 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:43,014 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:08:43,014 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:08:43,014 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:43,014 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:08:43,014 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:08:43,014 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:43,014 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:43,014 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:08:43,016 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:43,021 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:08:43,022 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:08:43,028 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:43,033 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:43,037 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:43,041 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:43,044 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:43,049 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:08:43,052 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde gunicorn-web stdout | 2025-11-04 09:08:43,052 [247] [DEBUG] [data.cache.impl] Found no result in cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde; calling loader gunicorn-web stdout | 2025-11-04 09:08:43,053 [247] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request gunicorn-web stdout | 2025-11-04 09:08:43,053 [247] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/matcher/api/v1/vulnerability_report/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde gunicorn-web stdout | 2025-11-04 09:08:43,053 [247] [DEBUG] [urllib3.connectionpool] Starting new HTTP connection (2): quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 gunicorn-web stdout | 2025-11-04 09:08:43,106 [247] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:08:43,150 [247] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284: {'manifest_hash': 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'packages': {'1932': {'id': '1932', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1868': {'id': '1868', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1876': {'id': '1876', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'riscv64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1844': {'id': '1844', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1884': {'id': '1884', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1904': {'id': '1904', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1956': {'id': '1956', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1914': {'id': '1914', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'riscv64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1892': {'id': '1892', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1944': {'id': '1944', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1970': {'id': '1970', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1846': {'id': '1846', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1860': {'id': '1860', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1910': {'id': '1910', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1926': {'id': '1926', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1928': {'id': '1928', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1936': {'id': '1936', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1974': {'id': '1974', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '2014': {'id': '2014', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1902': {'id': '1902', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1930': {'id': '1930', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1948': {'id': '1948', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1952': {'id': '1952', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1966': {'id': '1966', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1866': {'id': '1866', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1886': {'id': '1886', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1894': {'id': '1894', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1896': {'id': '1896', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1898': {'id': '1898', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1906': {'id': '1906', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1912': {'id': '1912', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1856': {'id': '1856', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1946': {'id': '1946', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1954': {'id': '1954', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1964': {'id': '1964', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1982': {'id': '1982', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'riscv64'}, '1998': {'id': '1998', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2020': {'id': '2020', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2026': {'id': '2026', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1934': {'id': '1934', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1942': {'id': '1942', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2002': {'id': '2002', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2004': {'id': '2004', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '2030': {'id': '2030', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2038': {'id': '2038', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1870': {'id': '1870', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1872': {'id': '1872', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1850': {'id': '1850', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1852': {'id': '1852', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1864': {'id': '1864', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1950': {'id': '1950', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1968': {'id': '1968', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1854': {'id': '1854', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1890': {'id': '1890', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1900': {'id': '1900', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1908': {'id': '1908', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1924': {'id': '1924', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'riscv64'}, '1938': {'id': '1938', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1874': {'id': '1874', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1922': {'id': '1922', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1940': {'id': '1940', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1958': {'id': '1958', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1976': {'id': '1976', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1980': {'id': '1980', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1988': {'id': '1988', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1994': {'id': '1994', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1882': {'id': '1882', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1978': {'id': '1978', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1986': {'id': '1986', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}, '2006': {'id': '2006', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2012': {'id': '2012', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'riscv64'}, '2018': {'id': '2018', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1916': {'id': '1916', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1984': {'id': '1984', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2008': {'id': '2008', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2024': {'id': '2024', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2032': {'id': '2032', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '2040': {'id': '2040', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'riscv64'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1878': {'id': '1878', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1918': {'id': '1918', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2000': {'id': '2000', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2022': {'id': '2022', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1862': {'id': '1862', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1920': {'id': '1920', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1962': {'id': '1962', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1990': {'id': '1990', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1848': {'id': '1848', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1996': {'id': '1996', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2008': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1874': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1860': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1900': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1906': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1910': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1934': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2014': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1918': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2006': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1852': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1884': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1898': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1914': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1944': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1974': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1896': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1950': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1976': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1990': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1994': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1996': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2002': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2032': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1868': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1970': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2018': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2022': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1862': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1866': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1872': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1882': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1892': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1902': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1846': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1904': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1912': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1908': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1924': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1926': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1930': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1942': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1916': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1954': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1968': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1986': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1848': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1948': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1980': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1982': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2000': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2026': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1956': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1998': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2004': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1856': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1878': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1938': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1940': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1978': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1988': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1876': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1946': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1958': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1966': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2012': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2020': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1870': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1894': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1952': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2024': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2030': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1850': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1854': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1886': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1890': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1922': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1964': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1984': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1844': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1864': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1920': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1928': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1932': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1936': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1962': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', ' gunicorn-web stdout | name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package ve gunicorn-web stdout | rsions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos app gunicorn-web stdout | lication server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': '274 gunicorn-web stdout | 8113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functio gunicorn-web stdout | ns DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofService gunicorn-web stdout | attack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}}, 'package_vulnerabilities': {'1898': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1852': ['2499906'], '1864': ['2843395'], '2032': ['2790153', '2112903', '1696964'], '1902': ['2665338', '1988933', '1988914'], '1912': ['980564'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1982': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1996': ['2790713', '2259833', '1672464', '1523094'], '1926': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1904': ['980557'], '1956': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1964': ['1540355', '983329', '982616'], '1896': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1850': ['1516509'], '1994': ['960172'], '1938': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2018': ['2837991', '2228820', '2007560', '1266677'], '1922': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1936': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1948': ['2837880', '2228793', '2007536', '1266500'], '1892': ['2499829'], '2004': ['1700452'], '1986': ['2790703', '2259827', '1672454', '1523087'], '2008': ['980580'], '1946': ['2837871', '2228777', '2007527', '1266440'], '1186': ['960164'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1872': ['2764035', '1506477', '1357966'], '1866': ['980539'], '2038': ['2499877'], '1962': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2006': ['2609399', '2206787', '2005450', '439420'], '2000': ['2499866'], '1932': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1978': ['2499856'], '2022': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1958': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2014': ['2499870'], '1988': ['2428498', '960182'], '1984': ['2121872', '1148585'], '1918': ['2485497'], '1916': ['2121322', '1148428'], '1966': ['456116'], '2020': ['2609409', '2206794', '2005452', '439426'], '2024': ['2114483'], '1854': ['2815552', '451117'], '1980': ['980572'], '1990': ['2837900', '2228805', '2007548', '1266661'], '1968': ['2114475'], '1870': ['2120044', '1146399'], '2040': ['1518586'], '1944': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:43,159 [247] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 with expiration {'manifest_hash': 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'packages': {'1932': {'id': '1932', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1868': {'id': '1868', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1876': {'id': '1876', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'riscv64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1844': {'id': '1844', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1884': {'id': '1884', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1904': {'id': '1904', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1956': {'id': '1956', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1914': {'id': '1914', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'riscv64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1892': {'id': '1892', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1944': {'id': '1944', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1970': {'id': '1970', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1846': {'id': '1846', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1860': {'id': '1860', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1910': {'id': '1910', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1926': {'id': '1926', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1928': {'id': '1928', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1936': {'id': '1936', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1974': {'id': '1974', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '2014': {'id': '2014', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1902': {'id': '1902', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1930': {'id': '1930', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1948': {'id': '1948', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1952': {'id': '1952', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1966': {'id': '1966', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1866': {'id': '1866', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1886': {'id': '1886', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1894': {'id': '1894', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1896': {'id': '1896', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1898': {'id': '1898', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1906': {'id': '1906', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1912': {'id': '1912', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1856': {'id': '1856', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1946': {'id': '1946', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1954': {'id': '1954', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1964': {'id': '1964', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1982': {'id': '1982', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'riscv64'}, '1998': {'id': '1998', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2020': {'id': '2020', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2026': {'id': '2026', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1934': {'id': '1934', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1942': {'id': '1942', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2002': {'id': '2002', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2004': {'id': '2004', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '2030': {'id': '2030', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2038': {'id': '2038', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1870': {'id': '1870', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1872': {'id': '1872', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1850': {'id': '1850', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1852': {'id': '1852', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1864': {'id': '1864', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1950': {'id': '1950', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1968': {'id': '1968', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1854': {'id': '1854', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1890': {'id': '1890', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1900': {'id': '1900', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1908': {'id': '1908', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1924': {'id': '1924', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'riscv64'}, '1938': {'id': '1938', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1874': {'id': '1874', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1922': {'id': '1922', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1940': {'id': '1940', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1958': {'id': '1958', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1976': {'id': '1976', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1980': {'id': '1980', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1988': {'id': '1988', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1994': {'id': '1994', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1882': {'id': '1882', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1978': {'id': '1978', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1986': {'id': '1986', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}, '2006': {'id': '2006', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2012': {'id': '2012', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'riscv64'}, '2018': {'id': '2018', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1916': {'id': '1916', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1984': {'id': '1984', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2008': {'id': '2008', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2024': {'id': '2024', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2032': {'id': '2032', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '2040': {'id': '2040', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'riscv64'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1878': {'id': '1878', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1918': {'id': '1918', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2000': {'id': '2000', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2022': {'id': '2022', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1862': {'id': '1862', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1920': {'id': '1920', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1962': {'id': '1962', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1990': {'id': '1990', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1848': {'id': '1848', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1996': {'id': '1996', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2008': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1874': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1860': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1900': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1906': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1910': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1934': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2014': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1918': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2006': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1852': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1884': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1898': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1914': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1944': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1974': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1896': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1950': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1976': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1990': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1994': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1996': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2002': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2032': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1868': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1970': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2018': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2022': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1862': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1866': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1872': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1882': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1892': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1902': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1846': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1904': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1912': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1908': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1924': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1926': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1930': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1942': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1916': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1954': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1968': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1986': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1848': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1948': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1980': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1982': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2000': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2026': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1956': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1998': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2004': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1856': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1878': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1938': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1940': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1978': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1988': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1876': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1946': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1958': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1966': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2012': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2020': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1870': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1894': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1952': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2024': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2030': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1850': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1854': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1886': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1890': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1922': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1964': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1984': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1844': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1864': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1920': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1928': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1932': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1936': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1962': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'pac gunicorn-web stdout | kage': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the f gunicorn-web stdout | ollowing package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a gunicorn-web stdout | GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '27 gunicorn-web stdout | 48113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications t gunicorn-web stdout | hat use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to gunicorn-web stdout | a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}}, 'package_vulnerabilities': {'1898': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1852': ['2499906'], '1864': ['2843395'], '2032': ['2790153', '2112903', '1696964'], '1902': ['2665338', '1988933', '1988914'], '1912': ['980564'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1982': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1996': ['2790713', '2259833', '1672464', '1523094'], '1926': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1904': ['980557'], '1956': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1964': ['1540355', '983329', '982616'], '1896': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1850': ['1516509'], '1994': ['960172'], '1938': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2018': ['2837991', '2228820', '2007560', '1266677'], '1922': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1936': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1948': ['2837880', '2228793', '2007536', '1266500'], '1892': ['2499829'], '2004': ['1700452'], '1986': ['2790703', '2259827', '1672454', '1523087'], '2008': ['980580'], '1946': ['2837871', '2228777', '2007527', '1266440'], '1186': ['960164'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1872': ['2764035', '1506477', '1357966'], '1866': ['980539'], '2038': ['2499877'], '1962': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2006': ['2609399', '2206787', '2005450', '439420'], '2000': ['2499866'], '1932': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1978': ['2499856'], '2022': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1958': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2014': ['2499870'], '1988': ['2428498', '960182'], '1984': ['2121872', '1148585'], '1918': ['2485497'], '1916': ['2121322', '1148428'], '1966': ['456116'], '2020': ['2609409', '2206794', '2005452', '439426'], '2024': ['2114483'], '1854': ['2815552', '451117'], '1980': ['980572'], '1990': ['2837900', '2228805', '2007548', '1266661'], '1968': ['2114475'], '1870': ['2120044', '1146399'], '2040': ['1518586'], '1944': ['2499847']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:43,174 [246] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:08:43,170 [247] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 with expiration {'manifest_hash': 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'packages': {'1932': {'id': '1932', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1868': {'id': '1868', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1876': {'id': '1876', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'riscv64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1844': {'id': '1844', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1884': {'id': '1884', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1904': {'id': '1904', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1956': {'id': '1956', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1914': {'id': '1914', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'riscv64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1892': {'id': '1892', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1944': {'id': '1944', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1970': {'id': '1970', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1846': {'id': '1846', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1860': {'id': '1860', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1910': {'id': '1910', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1926': {'id': '1926', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1928': {'id': '1928', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1936': {'id': '1936', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1974': {'id': '1974', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '2014': {'id': '2014', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1902': {'id': '1902', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1930': {'id': '1930', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1948': {'id': '1948', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1952': {'id': '1952', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1966': {'id': '1966', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1866': {'id': '1866', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1886': {'id': '1886', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1894': {'id': '1894', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1896': {'id': '1896', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1898': {'id': '1898', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1906': {'id': '1906', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1912': {'id': '1912', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1856': {'id': '1856', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1946': {'id': '1946', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1954': {'id': '1954', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1964': {'id': '1964', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1982': {'id': '1982', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'riscv64'}, '1998': {'id': '1998', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2020': {'id': '2020', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2026': {'id': '2026', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1934': {'id': '1934', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1942': {'id': '1942', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2002': {'id': '2002', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2004': {'id': '2004', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '2030': {'id': '2030', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2038': {'id': '2038', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1870': {'id': '1870', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1872': {'id': '1872', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1850': {'id': '1850', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1852': {'id': '1852', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1864': {'id': '1864', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1950': {'id': '1950', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1968': {'id': '1968', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1854': {'id': '1854', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1890': {'id': '1890', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1900': {'id': '1900', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1908': {'id': '1908', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1924': {'id': '1924', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'riscv64'}, '1938': {'id': '1938', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1874': {'id': '1874', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1922': {'id': '1922', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1940': {'id': '1940', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1958': {'id': '1958', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1976': {'id': '1976', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1980': {'id': '1980', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1988': {'id': '1988', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1994': {'id': '1994', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1882': {'id': '1882', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1978': {'id': '1978', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1986': {'id': '1986', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}, '2006': {'id': '2006', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2012': {'id': '2012', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'riscv64'}, '2018': {'id': '2018', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1916': {'id': '1916', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1984': {'id': '1984', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2008': {'id': '2008', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2024': {'id': '2024', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2032': {'id': '2032', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '2040': {'id': '2040', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'riscv64'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1878': {'id': '1878', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1918': {'id': '1918', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2000': {'id': '2000', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2022': {'id': '2022', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1862': {'id': '1862', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1920': {'id': '1920', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1962': {'id': '1962', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1990': {'id': '1990', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1848': {'id': '1848', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1996': {'id': '1996', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2008': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1874': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1860': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1900': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1906': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1910': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1934': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2014': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1918': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2006': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1852': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1884': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1898': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1914': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1944': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1974': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1896': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1950': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1976': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1990': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1994': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1996': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2002': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2032': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1868': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1970': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2018': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2022': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1862': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1866': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1872': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1882': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1892': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1902': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1846': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1904': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1912': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1908': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1924': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1926': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1930': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1942': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1916': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1954': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1968': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1986': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1848': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1948': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1980': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1982': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2000': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2026': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1956': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1998': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2004': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1856': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1878': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1938': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1940': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1978': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1988': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1876': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1946': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1958': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1966': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2012': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2020': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1870': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1894': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1952': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2024': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2030': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1850': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1854': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1886': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1890': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1922': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1964': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1984': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1844': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1864': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1920': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1928': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1932': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1936': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1962': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'per gunicorn-web stdout | l-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc gunicorn-web stdout | _xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-m gunicorn-web stdout | it12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your sy gunicorn-web stdout | stem to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded m gunicorn-web stdout | emory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n U gunicorn-web stdout | pdate Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}}, 'package_vulnerabilities': {'1898': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1852': ['2499906'], '1864': ['2843395'], '2032': ['2790153', '2112903', '1696964'], '1902': ['2665338', '1988933', '1988914'], '1912': ['980564'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1982': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1996': ['2790713', '2259833', '1672464', '1523094'], '1926': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1904': ['980557'], '1956': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1964': ['1540355', '983329', '982616'], '1896': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1850': ['1516509'], '1994': ['960172'], '1938': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2018': ['2837991', '2228820', '2007560', '1266677'], '1922': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1936': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1948': ['2837880', '2228793', '2007536', '1266500'], '1892': ['2499829'], '2004': ['1700452'], '1986': ['2790703', '2259827', '1672454', '1523087'], '2008': ['980580'], '1946': ['2837871', '2228777', '2007527', '1266440'], '1186': ['960164'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1872': ['2764035', '1506477', '1357966'], '1866': ['980539'], '2038': ['2499877'], '1962': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2006': ['2609399', '2206787', '2005450', '439420'], '2000': ['2499866'], '1932': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1978': ['2499856'], '2022': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1958': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2014': ['2499870'], '1988': ['2428498', '960182'], '1984': ['2121872', '1148585'], '1918': ['2485497'], '1916': ['2121322', '1148428'], '1966': ['456116'], '2020': ['2609409', '2206794', '2005452', '439426'], '2024': ['2114483'], '1854': ['2815552', '451117'], '1980': ['980572'], '1990': ['2837900', '2228805', '2007548', '1266661'], '1968': ['2114475'], '1870': ['2120044', '1146399'], '2040': ['1518586'], '1944': ['2499847']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:43,189 [247] [DEBUG] [app] Ending request: urn:request:cf30e49a-4de4-40ca-8695-10a89d5e598a (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:cf30e49a-4de4-40ca-8695-10a89d5e598a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:43,190 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:43,191 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:43 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.0" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:43 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.1" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.348 1824 0.348) gunicorn-web stdout | 2025-11-04 09:08:43,225 [246] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f: {'manifest_hash': 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'packages': {'2052': {'id': '2052', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2076': {'id': '2076', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 's390x'}, '2144': {'id': '2144', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2152': {'id': '2152', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2164': {'id': '2164', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2180': {'id': '2180', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2192': {'id': '2192', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '2102': {'id': '2102', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2156': {'id': '2156', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2208': {'id': '2208', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '2162': {'id': '2162', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2170': {'id': '2170', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2210': {'id': '2210', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2214': {'id': '2214', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 's390x'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '2060': {'id': '2060', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2074': {'id': '2074', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2078': {'id': '2078', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2086': {'id': '2086', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2114': {'id': '2114', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 's390x'}, '2120': {'id': '2120', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2202': {'id': '2202', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '2096': {'id': '2096', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2098': {'id': '2098', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2196': {'id': '2196', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '2200': {'id': '2200', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 's390x'}, '2206': {'id': '2206', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2222': {'id': '2222', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2226': {'id': '2226', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2046': {'id': '2046', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 's390x'}, '2068': {'id': '2068', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2094': {'id': '2094', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 's390x'}, '2118': {'id': '2118', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2132': {'id': '2132', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2146': {'id': '2146', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2204': {'id': '2204', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 's390x'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '2104': {'id': '2104', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2158': {'id': '2158', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2172': {'id': '2172', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2228': {'id': '2228', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2232': {'id': '2232', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2048': {'id': '2048', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 's390x'}, '2054': {'id': '2054', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2090': {'id': '2090', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2124': {'id': '2124', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 's390x'}, '2166': {'id': '2166', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 's390x'}, '2176': {'id': '2176', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2188': {'id': '2188', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '2220': {'id': '2220', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '2064': {'id': '2064', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 's390x'}, '2072': {'id': '2072', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2136': {'id': '2136', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2140': {'id': '2140', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2142': {'id': '2142', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2216': {'id': '2216', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2224': {'id': '2224', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2066': {'id': '2066', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2154': {'id': '2154', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 's390x'}, '2092': {'id': '2092', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2110': {'id': '2110', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2126': {'id': '2126', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2138': {'id': '2138', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2240': {'id': '2240', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2134': {'id': '2134', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2044': {'id': '2044', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2082': {'id': '2082', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 's390x'}, '2182': {'id': '2182', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2242': {'id': '2242', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 's390x'}, '2128': {'id': '2128', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2130': {'id': '2130', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '2050': {'id': '2050', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2100': {'id': '2100', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 's390x'}, '2150': {'id': '2150', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2168': {'id': '2168', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '2084': {'id': '2084', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2106': {'id': '2106', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 's390x'}, '2112': {'id': '2112', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2122': {'id': '2122', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2178': {'id': '2178', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2184': {'id': '2184', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 's390x'}, '2198': {'id': '2198', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '2056': {'id': '2056', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2062': {'id': '2062', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2148': {'id': '2148', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2190': {'id': '2190', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 's390x'}, '2234': {'id': '2234', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2070': {'id': '2070', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2108': {'id': '2108', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2116': {'id': '2116', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2186': {'id': '2186', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3- gunicorn-web stdout | 4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has gunicorn-web stdout | been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': gunicorn-web stdout | 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2 gunicorn-web stdout | .27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04' gunicorn-web stdout | }, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https:// gunicorn-web stdout | www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}}, 'package_vulnerabilities': {'2054': ['2815552', '451117'], '2180': ['2499856'], '2156': ['2854564', '2836550', '2485513', '2418382', '1257883'], '2092': ['2499829'], '2064': ['2843395'], '2220': ['2837991', '2228820', '2007560', '1266677'], '2122': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '2072': ['2764035', '1506477', '1357966'], '2242': ['1518586'], '2102': ['2665338', '1988933', '1988914'], '2192': ['2837900', '2228805', '2007548', '1266661'], '2118': ['2485497'], '2136': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '2182': ['980572'], '2198': ['2790713', '2259833', '1672464', '1523094'], '2216': ['2499870'], '2240': ['2499877'], '2132': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1210': ['2837981', '2228814', '2007554', '1266669'], '2224': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '2190': ['2428498', '960182'], '2168': ['2114475'], '2186': ['2121872', '1148585'], '2206': ['1700452'], '2222': ['2609409', '2206794', '2005452', '439426'], '2104': ['980557'], '2138': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2234': ['2790153', '2112903', '1696964'], '2096': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '2226': ['2114483'], '2158': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2164': ['1540355', '983329', '982616'], '2112': ['980564'], '2116': ['2121322', '1148428'], '2210': ['980580'], '2196': ['960172'], '2202': ['2499866'], '2166': ['456116'], '2126': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '2070': ['2120044', '1146399'], '2188': ['2790703', '2259827', '1672454', '1523087'], '1186': ['960164'], '2148': ['2837880', '2228793', '2007536', '1266500'], '2162': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2052': ['2499906'], '2050': ['1516509'], '2066': ['980539'], '2208': ['2609399', '2206787', '2005450', '439420'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '2146': ['2837871', '2228777', '2007527', '1266440'], '2184': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '2098': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '2144': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:43,234 [246] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f with expiration {'manifest_hash': 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'packages': {'2052': {'id': '2052', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2076': {'id': '2076', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 's390x'}, '2144': {'id': '2144', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2152': {'id': '2152', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2164': {'id': '2164', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2180': {'id': '2180', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2192': {'id': '2192', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '2102': {'id': '2102', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2156': {'id': '2156', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2208': {'id': '2208', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '2162': {'id': '2162', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2170': {'id': '2170', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2210': {'id': '2210', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2214': {'id': '2214', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 's390x'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '2060': {'id': '2060', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2074': {'id': '2074', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2078': {'id': '2078', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2086': {'id': '2086', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2114': {'id': '2114', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 's390x'}, '2120': {'id': '2120', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2202': {'id': '2202', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '2096': {'id': '2096', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2098': {'id': '2098', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2196': {'id': '2196', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '2200': {'id': '2200', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 's390x'}, '2206': {'id': '2206', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2222': {'id': '2222', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2226': {'id': '2226', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2046': {'id': '2046', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 's390x'}, '2068': {'id': '2068', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2094': {'id': '2094', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 's390x'}, '2118': {'id': '2118', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2132': {'id': '2132', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2146': {'id': '2146', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2204': {'id': '2204', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 's390x'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '2104': {'id': '2104', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2158': {'id': '2158', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2172': {'id': '2172', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2228': {'id': '2228', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2232': {'id': '2232', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2048': {'id': '2048', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 's390x'}, '2054': {'id': '2054', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2090': {'id': '2090', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2124': {'id': '2124', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 's390x'}, '2166': {'id': '2166', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 's390x'}, '2176': {'id': '2176', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2188': {'id': '2188', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '2220': {'id': '2220', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '2064': {'id': '2064', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 's390x'}, '2072': {'id': '2072', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2136': {'id': '2136', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2140': {'id': '2140', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2142': {'id': '2142', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2216': {'id': '2216', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2224': {'id': '2224', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2066': {'id': '2066', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2154': {'id': '2154', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 's390x'}, '2092': {'id': '2092', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2110': {'id': '2110', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2126': {'id': '2126', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2138': {'id': '2138', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2240': {'id': '2240', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2134': {'id': '2134', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2044': {'id': '2044', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2082': {'id': '2082', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 's390x'}, '2182': {'id': '2182', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2242': {'id': '2242', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 's390x'}, '2128': {'id': '2128', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2130': {'id': '2130', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '2050': {'id': '2050', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2100': {'id': '2100', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 's390x'}, '2150': {'id': '2150', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2168': {'id': '2168', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '2084': {'id': '2084', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2106': {'id': '2106', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 's390x'}, '2112': {'id': '2112', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2122': {'id': '2122', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2178': {'id': '2178', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2184': {'id': '2184', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 's390x'}, '2198': {'id': '2198', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '2056': {'id': '2056', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2062': {'id': '2062', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2148': {'id': '2148', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2190': {'id': '2190', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 's390x'}, '2234': {'id': '2234', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2070': {'id': '2070', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2108': {'id': '2108', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2116': {'id': '2116', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2186': {'id': '2186', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls gunicorn-web stdout | -openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A gunicorn-web stdout | vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', ' gunicorn-web stdout | version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2. gunicorn-web stdout | 1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_na gunicorn-web stdout | me': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', gunicorn-web stdout | 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}}, 'package_vulnerabilities': {'2054': ['2815552', '451117'], '2180': ['2499856'], '2156': ['2854564', '2836550', '2485513', '2418382', '1257883'], '2092': ['2499829'], '2064': ['2843395'], '2220': ['2837991', '2228820', '2007560', '1266677'], '2122': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '2072': ['2764035', '1506477', '1357966'], '2242': ['1518586'], '2102': ['2665338', '1988933', '1988914'], '2192': ['2837900', '2228805', '2007548', '1266661'], '2118': ['2485497'], '2136': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '2182': ['980572'], '2198': ['2790713', '2259833', '1672464', '1523094'], '2216': ['2499870'], '2240': ['2499877'], '2132': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1210': ['2837981', '2228814', '2007554', '1266669'], '2224': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '2190': ['2428498', '960182'], '2168': ['2114475'], '2186': ['2121872', '1148585'], '2206': ['1700452'], '2222': ['2609409', '2206794', '2005452', '439426'], '2104': ['980557'], '2138': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2234': ['2790153', '2112903', '1696964'], '2096': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '2226': ['2114483'], '2158': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2164': ['1540355', '983329', '982616'], '2112': ['980564'], '2116': ['2121322', '1148428'], '2210': ['980580'], '2196': ['960172'], '2202': ['2499866'], '2166': ['456116'], '2126': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '2070': ['2120044', '1146399'], '2188': ['2790703', '2259827', '1672454', '1523087'], '1186': ['960164'], '2148': ['2837880', '2228793', '2007536', '1266500'], '2162': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2052': ['2499906'], '2050': ['1516509'], '2066': ['980539'], '2208': ['2609399', '2206787', '2005450', '439420'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '2146': ['2837871', '2228777', '2007527', '1266440'], '2184': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '2098': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '2144': ['2499847']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:43,244 [246] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f with expiration {'manifest_hash': 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'packages': {'2052': {'id': '2052', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2076': {'id': '2076', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 's390x'}, '2144': {'id': '2144', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2152': {'id': '2152', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2164': {'id': '2164', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2180': {'id': '2180', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2192': {'id': '2192', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '2102': {'id': '2102', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2156': {'id': '2156', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2208': {'id': '2208', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '2162': {'id': '2162', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2170': {'id': '2170', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2210': {'id': '2210', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2214': {'id': '2214', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 's390x'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '2060': {'id': '2060', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2074': {'id': '2074', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2078': {'id': '2078', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2086': {'id': '2086', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2114': {'id': '2114', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 's390x'}, '2120': {'id': '2120', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2202': {'id': '2202', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '2096': {'id': '2096', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2098': {'id': '2098', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2196': {'id': '2196', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '2200': {'id': '2200', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 's390x'}, '2206': {'id': '2206', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2222': {'id': '2222', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2226': {'id': '2226', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2046': {'id': '2046', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 's390x'}, '2068': {'id': '2068', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2094': {'id': '2094', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 's390x'}, '2118': {'id': '2118', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2132': {'id': '2132', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2146': {'id': '2146', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2204': {'id': '2204', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 's390x'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '2104': {'id': '2104', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2158': {'id': '2158', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2172': {'id': '2172', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2228': {'id': '2228', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2232': {'id': '2232', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2048': {'id': '2048', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 's390x'}, '2054': {'id': '2054', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2090': {'id': '2090', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2124': {'id': '2124', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 's390x'}, '2166': {'id': '2166', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 's390x'}, '2176': {'id': '2176', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2188': {'id': '2188', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '2220': {'id': '2220', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '2064': {'id': '2064', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 's390x'}, '2072': {'id': '2072', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2136': {'id': '2136', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2140': {'id': '2140', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2142': {'id': '2142', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2216': {'id': '2216', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2224': {'id': '2224', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2066': {'id': '2066', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2154': {'id': '2154', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 's390x'}, '2092': {'id': '2092', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2110': {'id': '2110', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2126': {'id': '2126', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2138': {'id': '2138', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2240': {'id': '2240', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2134': {'id': '2134', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2044': {'id': '2044', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2082': {'id': '2082', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 's390x'}, '2182': {'id': '2182', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2242': {'id': '2242', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 's390x'}, '2128': {'id': '2128', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2130': {'id': '2130', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '2050': {'id': '2050', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2100': {'id': '2100', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 's390x'}, '2150': {'id': '2150', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2168': {'id': '2168', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '2084': {'id': '2084', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2106': {'id': '2106', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 's390x'}, '2112': {'id': '2112', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2122': {'id': '2122', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2178': {'id': '2178', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2184': {'id': '2184', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 's390x'}, '2198': {'id': '2198', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '2056': {'id': '2056', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2062': {'id': '2062', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2148': {'id': '2148', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2190': {'id': '2190', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 's390x'}, '2234': {'id': '2234', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2070': {'id': '2070', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2108': {'id': '2108', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2116': {'id': '2116', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2186': {'id': '2186', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls- gunicorn-web stdout | openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A gunicorn-web stdout | vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'v gunicorn-web stdout | ersion_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1 gunicorn-web stdout | \ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_nam gunicorn-web stdout | e': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', gunicorn-web stdout | 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}}, 'package_vulnerabilities': {'2054': ['2815552', '451117'], '2180': ['2499856'], '2156': ['2854564', '2836550', '2485513', '2418382', '1257883'], '2092': ['2499829'], '2064': ['2843395'], '2220': ['2837991', '2228820', '2007560', '1266677'], '2122': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '2072': ['2764035', '1506477', '1357966'], '2242': ['1518586'], '2102': ['2665338', '1988933', '1988914'], '2192': ['2837900', '2228805', '2007548', '1266661'], '2118': ['2485497'], '2136': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '2182': ['980572'], '2198': ['2790713', '2259833', '1672464', '1523094'], '2216': ['2499870'], '2240': ['2499877'], '2132': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1210': ['2837981', '2228814', '2007554', '1266669'], '2224': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '2190': ['2428498', '960182'], '2168': ['2114475'], '2186': ['2121872', '1148585'], '2206': ['1700452'], '2222': ['2609409', '2206794', '2005452', '439426'], '2104': ['980557'], '2138': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2234': ['2790153', '2112903', '1696964'], '2096': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '2226': ['2114483'], '2158': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2164': ['1540355', '983329', '982616'], '2112': ['980564'], '2116': ['2121322', '1148428'], '2210': ['980580'], '2196': ['960172'], '2202': ['2499866'], '2166': ['456116'], '2126': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '2070': ['2120044', '1146399'], '2188': ['2790703', '2259827', '1672454', '1523087'], '1186': ['960164'], '2148': ['2837880', '2228793', '2007536', '1266500'], '2162': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2052': ['2499906'], '2050': ['1516509'], '2066': ['980539'], '2208': ['2609399', '2206787', '2005450', '439420'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '2146': ['2837871', '2228777', '2007527', '1266440'], '2184': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '2098': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '2144': ['2499847']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:43,258 [246] [DEBUG] [app] Ending request: urn:request:529cd102-ed1a-498d-9b16-913e2cae5dfc (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:529cd102-ed1a-498d-9b16-913e2cae5dfc', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:43,259 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:43,260 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:43 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:43 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.410 1824 0.410) gunicorn-web stdout | 2025-11-04 09:08:43,272 [247] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /matcher/api/v1/vulnerability_report/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.1" 200 None gunicorn-web stdout | 2025-11-04 09:08:43,316 [247] [DEBUG] [data.cache.impl] Got loaded result for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde: {'manifest_hash': 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1676': {'id': '1676', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1712': {'id': '1712', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1720': {'id': '1720', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1724': {'id': '1724', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1726': {'id': '1726', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1736': {'id': '1736', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1692': {'id': '1692', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1738': {'id': '1738', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1750': {'id': '1750', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1770': {'id': '1770', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1776': {'id': '1776', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1778': {'id': '1778', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1796': {'id': '1796', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1832': {'id': '1832', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1642': {'id': '1642', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1690': {'id': '1690', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1746': {'id': '1746', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1762': {'id': '1762', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1804': {'id': '1804', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1704': {'id': '1704', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1752': {'id': '1752', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1802': {'id': '1802', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1838': {'id': '1838', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1654': {'id': '1654', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1658': {'id': '1658', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1742': {'id': '1742', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1754': {'id': '1754', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1764': {'id': '1764', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1766': {'id': '1766', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1684': {'id': '1684', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1756': {'id': '1756', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1800': {'id': '1800', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1814': {'id': '1814', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1730': {'id': '1730', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1660': {'id': '1660', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1668': {'id': '1668', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1694': {'id': '1694', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1722': {'id': '1722', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1728': {'id': '1728', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1782': {'id': '1782', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1648': {'id': '1648', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1662': {'id': '1662', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1664': {'id': '1664', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1700': {'id': '1700', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1748': {'id': '1748', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1790': {'id': '1790', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1794': {'id': '1794', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1830': {'id': '1830', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1696': {'id': '1696', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1744': {'id': '1744', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1780': {'id': '1780', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1812': {'id': '1812', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1644': {'id': '1644', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1646': {'id': '1646', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1680': {'id': '1680', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1688': {'id': '1688', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1702': {'id': '1702', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1708': {'id': '1708', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1718': {'id': '1718', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1806': {'id': '1806', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1716': {'id': '1716', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1768': {'id': '1768', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1808': {'id': '1808', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1824': {'id': '1824', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1840': {'id': '1840', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'ppc64el'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1786': {'id': '1786', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1788': {'id': '1788', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1674': {'id': '1674', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1710': {'id': '1710', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1740': {'id': '1740', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1774': {'id': '1774', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1798': {'id': '1798', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1818': {'id': '1818', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1820': {'id': '1820', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1732': {'id': '1732', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1650': {'id': '1650', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1672': {'id': '1672', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1706': {'id': '1706', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1714': {'id': '1714', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1734': {'id': '1734', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1652': {'id': '1652', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1670': {'id': '1670', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1682': {'id': '1682', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1760': {'id': '1760', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1784': {'id': '1784', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1822': {'id': '1822', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1826': {'id': '1826', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1666': {'id': '1666', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1698': {'id': '1698', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'ppc64el'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1742': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1800': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1672': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1720': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1738': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1830': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1838': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1732': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1646': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1670': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1680': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1690': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1694': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1696': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1778': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1648': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1684': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1698': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1774': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1794': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1802': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1822': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1658': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1700': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1708': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1716': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1756': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1812': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1642': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1662': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1714': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1726': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1730': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1784': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1804': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1818': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1740': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1824': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1840': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1688': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1728': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1752': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1790': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1814': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1668': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1734': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1760': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1796': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1832': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1666': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1744': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1764': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1704': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1710': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1736': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1786': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1798': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1826': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1676': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1682': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1692': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1706': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1724': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1770': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1776': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1674': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1748': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1762': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1780': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1806': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1644': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1660': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1750': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1766': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1782': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1788': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1808': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1702': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1718': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1754': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1820': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1654': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1722': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1746': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1768': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1650': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1652': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1664': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1712': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_versio gunicorn-web stdout | n': '0:249.11-0ubuntu3.7'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19. gunicorn-web stdout | 2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.1 gunicorn-web stdout | 0\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': ' gunicorn-web stdout | 22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'n gunicorn-web stdout | ame': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': gunicorn-web stdout | 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}}, 'package_vulnerabilities': {'1756': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1838': ['2499877'], '1690': ['2499829'], '1668': ['2120044', '1146399'], '1186': ['960164'], '1730': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1820': ['2609409', '2206794', '2005452', '439426'], '1714': ['2121322', '1148428'], '1824': ['2114483'], '1790': ['2837900', '2228805', '2007548', '1266661'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1784': ['2121872', '1148585'], '1754': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1720': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1786': ['2790703', '2259827', '1672454', '1523087'], '1788': ['2428498', '960182'], '1652': ['2815552', '451117'], '1648': ['1516509'], '1762': ['1540355', '983329', '982616'], '1734': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1760': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1814': ['2499870'], '1840': ['1518586'], '1796': ['2790713', '2259833', '1672464', '1523094'], '1766': ['2114475'], '1670': ['2764035', '1506477', '1357966'], '1700': ['2665338', '1988933', '1988914'], '1716': ['2485497'], '1724': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1662': ['2843395'], '1800': ['2499866'], '1822': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1736': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1804': ['1700452'], '1744': ['2837871', '2228777', '2007527', '1266440'], '1764': ['456116'], '1710': ['980564'], '1818': ['2837991', '2228820', '2007560', '1266677'], '1664': ['980539'], '1742': ['2499847'], '1794': ['960172'], '1650': ['2499906'], '1782': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1780': ['980572'], '1694': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1778': ['2499856'], '1702': ['980557'], '1696': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1806': ['2609399', '2206787', '2005450', '439420'], '1746': ['2837880', '2228793', '2007536', '1266500'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1832': ['2790153', '2112903', '1696964'], '1808': ['980580']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:08:43,323 [247] [DEBUG] [data.cache.impl] Caching loaded result for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde with expiration {'manifest_hash': 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1676': {'id': '1676', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1712': {'id': '1712', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1720': {'id': '1720', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1724': {'id': '1724', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1726': {'id': '1726', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1736': {'id': '1736', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1692': {'id': '1692', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1738': {'id': '1738', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1750': {'id': '1750', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1770': {'id': '1770', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1776': {'id': '1776', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1778': {'id': '1778', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1796': {'id': '1796', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1832': {'id': '1832', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1642': {'id': '1642', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1690': {'id': '1690', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1746': {'id': '1746', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1762': {'id': '1762', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1804': {'id': '1804', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1704': {'id': '1704', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1752': {'id': '1752', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1802': {'id': '1802', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1838': {'id': '1838', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1654': {'id': '1654', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1658': {'id': '1658', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1742': {'id': '1742', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1754': {'id': '1754', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1764': {'id': '1764', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1766': {'id': '1766', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1684': {'id': '1684', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1756': {'id': '1756', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1800': {'id': '1800', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1814': {'id': '1814', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1730': {'id': '1730', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1660': {'id': '1660', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1668': {'id': '1668', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1694': {'id': '1694', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1722': {'id': '1722', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1728': {'id': '1728', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1782': {'id': '1782', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1648': {'id': '1648', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1662': {'id': '1662', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1664': {'id': '1664', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1700': {'id': '1700', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1748': {'id': '1748', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1790': {'id': '1790', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1794': {'id': '1794', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1830': {'id': '1830', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1696': {'id': '1696', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1744': {'id': '1744', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1780': {'id': '1780', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1812': {'id': '1812', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1644': {'id': '1644', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1646': {'id': '1646', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1680': {'id': '1680', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1688': {'id': '1688', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1702': {'id': '1702', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1708': {'id': '1708', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1718': {'id': '1718', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1806': {'id': '1806', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1716': {'id': '1716', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1768': {'id': '1768', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1808': {'id': '1808', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1824': {'id': '1824', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1840': {'id': '1840', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'ppc64el'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1786': {'id': '1786', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1788': {'id': '1788', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1674': {'id': '1674', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1710': {'id': '1710', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1740': {'id': '1740', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1774': {'id': '1774', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1798': {'id': '1798', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1818': {'id': '1818', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1820': {'id': '1820', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1732': {'id': '1732', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1650': {'id': '1650', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1672': {'id': '1672', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1706': {'id': '1706', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1714': {'id': '1714', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1734': {'id': '1734', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1652': {'id': '1652', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1670': {'id': '1670', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1682': {'id': '1682', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1760': {'id': '1760', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1784': {'id': '1784', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1822': {'id': '1822', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1826': {'id': '1826', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1666': {'id': '1666', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1698': {'id': '1698', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'ppc64el'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1742': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1800': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1672': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1720': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1738': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1830': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1838': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1732': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1646': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1670': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1680': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1690': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1694': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1696': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1778': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1648': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1684': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1698': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1774': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1794': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1802': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1822': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1658': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1700': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1708': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1716': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1756': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1812': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1642': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1662': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1714': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1726': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1730': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1784': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1804': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1818': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1740': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1824': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1840': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1688': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1728': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1752': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1790': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1814': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1668': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1734': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1760': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1796': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1832': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1666': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1744': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1764': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1704': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1710': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1736': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1786': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1798': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1826': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1676': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1682': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1692': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1706': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1724': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1770': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1776': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1674': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1748': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1762': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1780': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1806': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1644': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1660': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1750': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1766': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1782': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1788': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1808': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1702': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1718': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1754': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1820': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1654': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1722': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1746': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1768': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1650': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1652': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1664': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1712': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': { gunicorn-web stdout | }, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in gunicorn-web stdout | _version': '0:1.19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-pro gunicorn-web stdout | f - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ub gunicorn-web stdout | untu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu gunicorn-web stdout | /updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', ' gunicorn-web stdout | version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}}, 'package_vulnerabilities': {'1756': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1838': ['2499877'], '1690': ['2499829'], '1668': ['2120044', '1146399'], '1186': ['960164'], '1730': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1820': ['2609409', '2206794', '2005452', '439426'], '1714': ['2121322', '1148428'], '1824': ['2114483'], '1790': ['2837900', '2228805', '2007548', '1266661'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1784': ['2121872', '1148585'], '1754': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1720': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1786': ['2790703', '2259827', '1672454', '1523087'], '1788': ['2428498', '960182'], '1652': ['2815552', '451117'], '1648': ['1516509'], '1762': ['1540355', '983329', '982616'], '1734': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1760': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1814': ['2499870'], '1840': ['1518586'], '1796': ['2790713', '2259833', '1672464', '1523094'], '1766': ['2114475'], '1670': ['2764035', '1506477', '1357966'], '1700': ['2665338', '1988933', '1988914'], '1716': ['2485497'], '1724': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1662': ['2843395'], '1800': ['2499866'], '1822': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1736': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1804': ['1700452'], '1744': ['2837871', '2228777', '2007527', '1266440'], '1764': ['456116'], '1710': ['980564'], '1818': ['2837991', '2228820', '2007560', '1266677'], '1664': ['980539'], '1742': ['2499847'], '1794': ['960172'], '1650': ['2499906'], '1782': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1780': ['980572'], '1694': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1778': ['2499856'], '1702': ['980557'], '1696': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1806': ['2609399', '2206787', '2005450', '439420'], '1746': ['2837880', '2228793', '2007536', '1266500'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1832': ['2790153', '2112903', '1696964'], '1808': ['980580']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:43,335 [247] [DEBUG] [data.cache.impl] Cached loaded result for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde with expiration {'manifest_hash': 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1676': {'id': '1676', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1712': {'id': '1712', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1720': {'id': '1720', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1724': {'id': '1724', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1726': {'id': '1726', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1736': {'id': '1736', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1692': {'id': '1692', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1738': {'id': '1738', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1750': {'id': '1750', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1770': {'id': '1770', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1776': {'id': '1776', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1778': {'id': '1778', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1796': {'id': '1796', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1832': {'id': '1832', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1642': {'id': '1642', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1690': {'id': '1690', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1746': {'id': '1746', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1762': {'id': '1762', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1804': {'id': '1804', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1704': {'id': '1704', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1752': {'id': '1752', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1802': {'id': '1802', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1838': {'id': '1838', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1654': {'id': '1654', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1658': {'id': '1658', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1742': {'id': '1742', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1754': {'id': '1754', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1764': {'id': '1764', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1766': {'id': '1766', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1684': {'id': '1684', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1756': {'id': '1756', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1800': {'id': '1800', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1814': {'id': '1814', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1730': {'id': '1730', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1660': {'id': '1660', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1668': {'id': '1668', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1694': {'id': '1694', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1722': {'id': '1722', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1728': {'id': '1728', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1782': {'id': '1782', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1648': {'id': '1648', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1662': {'id': '1662', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1664': {'id': '1664', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1700': {'id': '1700', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1748': {'id': '1748', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1790': {'id': '1790', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1794': {'id': '1794', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1830': {'id': '1830', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1696': {'id': '1696', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1744': {'id': '1744', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1780': {'id': '1780', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1812': {'id': '1812', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1644': {'id': '1644', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1646': {'id': '1646', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1680': {'id': '1680', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1688': {'id': '1688', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1702': {'id': '1702', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1708': {'id': '1708', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1718': {'id': '1718', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1806': {'id': '1806', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1716': {'id': '1716', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1768': {'id': '1768', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1808': {'id': '1808', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1824': {'id': '1824', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1840': {'id': '1840', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'ppc64el'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1786': {'id': '1786', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1788': {'id': '1788', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1674': {'id': '1674', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1710': {'id': '1710', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1740': {'id': '1740', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1774': {'id': '1774', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1798': {'id': '1798', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1818': {'id': '1818', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1820': {'id': '1820', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1732': {'id': '1732', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1650': {'id': '1650', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1672': {'id': '1672', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1706': {'id': '1706', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1714': {'id': '1714', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1734': {'id': '1734', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1652': {'id': '1652', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1670': {'id': '1670', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1682': {'id': '1682', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1760': {'id': '1760', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1784': {'id': '1784', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1822': {'id': '1822', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1826': {'id': '1826', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1666': {'id': '1666', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1698': {'id': '1698', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'ppc64el'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1742': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1800': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1672': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1720': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1738': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1830': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1838': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1732': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1646': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1670': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1680': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1690': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1694': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1696': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1778': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1648': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1684': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1698': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1774': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1794': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1802': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1822': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1658': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1700': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1708': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1716': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1756': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1812': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1642': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1662': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1714': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1726': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1730': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1784': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1804': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1818': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1740': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1824': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1840': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1688': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1728': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1752': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1790': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1814': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1668': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1734': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1760': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1796': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1832': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1666': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1744': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1764': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1704': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1710': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1736': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1786': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1798': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1826': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1676': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1682': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1692': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1706': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1724': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1770': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1776': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1674': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1748': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1762': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1780': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1806': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1644': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1660': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1750': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1766': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1782': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1788': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1808': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1702': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1718': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1754': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1820': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1654': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1722': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1746': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1768': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1650': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1652': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1664': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1712': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {} gunicorn-web stdout | , 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_ gunicorn-web stdout | version': '0:1.19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof gunicorn-web stdout | - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubu gunicorn-web stdout | ntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/ gunicorn-web stdout | updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'v gunicorn-web stdout | ersion_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}}, 'package_vulnerabilities': {'1756': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1838': ['2499877'], '1690': ['2499829'], '1668': ['2120044', '1146399'], '1186': ['960164'], '1730': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1820': ['2609409', '2206794', '2005452', '439426'], '1714': ['2121322', '1148428'], '1824': ['2114483'], '1790': ['2837900', '2228805', '2007548', '1266661'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1784': ['2121872', '1148585'], '1754': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1720': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1786': ['2790703', '2259827', '1672454', '1523087'], '1788': ['2428498', '960182'], '1652': ['2815552', '451117'], '1648': ['1516509'], '1762': ['1540355', '983329', '982616'], '1734': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1760': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1814': ['2499870'], '1840': ['1518586'], '1796': ['2790713', '2259833', '1672464', '1523094'], '1766': ['2114475'], '1670': ['2764035', '1506477', '1357966'], '1700': ['2665338', '1988933', '1988914'], '1716': ['2485497'], '1724': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1662': ['2843395'], '1800': ['2499866'], '1822': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1736': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1804': ['1700452'], '1744': ['2837871', '2228777', '2007527', '1266440'], '1764': ['456116'], '1710': ['980564'], '1818': ['2837991', '2228820', '2007560', '1266677'], '1664': ['980539'], '1742': ['2499847'], '1794': ['960172'], '1650': ['2499906'], '1782': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1780': ['980572'], '1694': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1778': ['2499856'], '1702': ['980557'], '1696': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1806': ['2609399', '2206787', '2005450', '439420'], '1746': ['2837880', '2228793', '2007536', '1266500'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1832': ['2790153', '2112903', '1696964'], '1808': ['980580']}, 'enrichments': {}}: 300s gunicorn-web stdout | 2025-11-04 09:08:43,348 [247] [DEBUG] [app] Ending request: urn:request:57f2dcb0-fe52-40d5-99d8-1556a8f89250 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:57f2dcb0-fe52-40d5-99d8-1556a8f89250', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:08:43,348 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:43,350 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:08:43 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:08:43 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.350 1824 0.350) gcworker stdout | 2025-11-04 09:08:43,527 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:08:44,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:08:44,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:54.140529+00:00 (in 9.999495 seconds) proxycacheblobworker stdout | 2025-11-04 09:08:44,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:54 GMT)" (scheduled at 2025-11-04 09:08:44.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:08:44,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:08:44,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 44, 141413), True, datetime.datetime(2025, 11, 4, 9, 8, 44, 141413), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:08:44,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:08:44,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:08:44,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:54 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:08:46,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:08:46,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:16.130127+00:00 (in 29.999198 seconds) autopruneworker stdout | 2025-11-04 09:08:46,131 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:16 GMT)" (scheduled at 2025-11-04 09:08:46.130127+00:00) autopruneworker stdout | 2025-11-04 09:08:46,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243726138, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:08:46,144 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:08:46,144 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:08:46,144 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:16 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:08:46,207 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:46,488 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:46,492 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:46,506 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:46,525 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:08:46,537 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:08:48,793 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:08:49,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:08:49,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:08:59.156372+00:00 (in 9.999539 seconds) notificationworker stdout | 2025-11-04 09:08:49,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:59 GMT)" (scheduled at 2025-11-04 09:08:49.156372+00:00) notificationworker stdout | 2025-11-04 09:08:49,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:08:49,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 49, 157211), True, datetime.datetime(2025, 11, 4, 9, 8, 49, 157211), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:08:49,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:08:49,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:08:49,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:08:59 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:08:49,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:08:49,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:19.635986+00:00 (in 29.999549 seconds) buildlogsarchiver stdout | 2025-11-04 09:08:49,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:19 GMT)" (scheduled at 2025-11-04 09:08:49.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:08:49,637 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 8, 49, 637420), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:08:49,651 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:08:49,651 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:08:49,651 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:19 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:08:51,005 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:08:51,065 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:08:51,065 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:27.063966+00:00 (in 35.998123 seconds) repositorygcworker stdout | 2025-11-04 09:08:51,066 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:51 GMT)" (scheduled at 2025-11-04 09:08:51.065407+00:00) repositorygcworker stdout | 2025-11-04 09:08:51,066 [86] [DEBUG] [workers.queueworker] Running watchdog. repositorygcworker stdout | 2025-11-04 09:08:51,066 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:09:51 GMT)" executed successfully securityworker stdout | 2025-11-04 09:08:51,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:08:51,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:07.252445+00:00 (in 15.997268 seconds) securityworker stdout | 2025-11-04 09:08:51,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:21 GMT)" (scheduled at 2025-11-04 09:08:51.254713+00:00) securityworker stdout | 2025-11-04 09:08:51,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:08:51,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:08:51,258 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:08:51,260 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:51,271 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:08:51,271 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:51,271 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:51,271 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:08:51,272 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:51,276 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:51,276 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:08:51,276 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:08:51,276 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:08:51,276 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:51,276 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:08:51,276 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:51,276 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:51,277 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:51,277 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:51,277 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:08:51,278 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 3, 51, 260545), 1, 49]) securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:08:51,281 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:08:51,282 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 3, 51, 260545), 1, 49]) securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:51,285 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:08:51,285 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:08:51,285 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:08:51,285 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:08:51,285 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:08:51,285 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:08:51,285 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:51,285 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:08:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:08:51,285 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:21 GMT)" executed successfully servicekey stdout | 2025-11-04 09:08:51,714 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:08:51,916 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:08:52,015 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:08:52,411 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:08:54,102 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:08:54,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:08:54,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:04.140529+00:00 (in 9.999525 seconds) proxycacheblobworker stdout | 2025-11-04 09:08:54,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:04 GMT)" (scheduled at 2025-11-04 09:08:54.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:08:54,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:08:54,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 54, 141427), True, datetime.datetime(2025, 11, 4, 9, 8, 54, 141427), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:08:54,156 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:08:54,156 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:08:54,156 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:04 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:08:54,517 [249] [DEBUG] [app] Starting request: urn:request:5e1d9337-fad8-4934-855a-cbe7563d01b5 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:08:54,518 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:08:54,520 [262] [DEBUG] [app] Starting request: urn:request:cf836d07-e6d8-4c67-950a-b65c3cf72329 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:08:54,521 [262] [DEBUG] [app] Ending request: urn:request:cf836d07-e6d8-4c67-950a-b65c3cf72329 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:cf836d07-e6d8-4c67-950a-b65c3cf72329', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:08:54,522 [262] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:08:54,522 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:54,523 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:08:54,524 [249] [DEBUG] [app] Starting request: urn:request:e4afca6e-cd7b-4d01-9a00-445ac24f868e (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:08:54,524 [249] [DEBUG] [app] Ending request: urn:request:e4afca6e-cd7b-4d01-9a00-445ac24f868e (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:e4afca6e-cd7b-4d01-9a00-445ac24f868e', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:08:54,525 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:08:54,525 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:54,525 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:08:54,525 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:08:54,525 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:08:54,534 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:08:54,534 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:08:54,544 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:08:54,547 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:08:54,551 [249] [DEBUG] [app] Ending request: urn:request:5e1d9337-fad8-4934-855a-cbe7563d01b5 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:5e1d9337-fad8-4934-855a-cbe7563d01b5', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:08:54,551 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:54,551 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:08:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:08:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.035 118 0.035) gunicorn-web stdout | 2025-11-04 09:08:54,587 [246] [DEBUG] [app] Starting request: urn:request:d1137dbf-94e8-46a5-b2e9-1a6873f0bed6 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:08:54,588 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:08:54,590 [262] [DEBUG] [app] Starting request: urn:request:2861adae-7f47-4c63-ad95-ef0db8a4adb5 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:08:54,590 [262] [DEBUG] [app] Ending request: urn:request:2861adae-7f47-4c63-ad95-ef0db8a4adb5 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:2861adae-7f47-4c63-ad95-ef0db8a4adb5', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:08:54,591 [262] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.001) gunicorn-web stdout | 2025-11-04 09:08:54,591 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:08:54,592 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:08:54,594 [249] [DEBUG] [app] Starting request: urn:request:43041e91-9e0c-43c4-8e30-f0bb90cf814b (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:08:54,594 [249] [DEBUG] [app] Ending request: urn:request:43041e91-9e0c-43c4-8e30-f0bb90cf814b (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:43041e91-9e0c-43c4-8e30-f0bb90cf814b', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:08:54,594 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:08:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:08:54,594 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:08:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:08:54,595 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:08:54,595 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:08:54,595 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:08:54,603 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:08:54,603 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:08:54,613 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:08:54,617 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:08:54,620 [246] [DEBUG] [app] Ending request: urn:request:d1137dbf-94e8-46a5-b2e9-1a6873f0bed6 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:d1137dbf-94e8-46a5-b2e9-1a6873f0bed6', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:08:54,620 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:08:54,620 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:08:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:08:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.034 118 0.034) globalpromstats stdout | 2025-11-04 09:08:55,695 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:08:55,911 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:08:55,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:08:55,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:04.952363+00:00 (in 8.995256 seconds) gcworker stdout | 2025-11-04 09:08:55,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:25 GMT)" (scheduled at 2025-11-04 09:08:55.956600+00:00) gcworker stdout | 2025-11-04 09:08:55,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:08:55,970 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762247035969, None, 1, 0]) gcworker stdout | 2025-11-04 09:08:55,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:08:55,974 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:25 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:08:56,218 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:08:56,921 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: queuecleanupworker stdout | 2025-11-04 09:08:57,412 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:08:57,610 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:08:57,814 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: expiredappspecifictokenworker stdout | 2025-11-04 09:08:58,493 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:08:59,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:08:59,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:09.156372+00:00 (in 9.999540 seconds) notificationworker stdout | 2025-11-04 09:08:59,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:09 GMT)" (scheduled at 2025-11-04 09:08:59.156372+00:00) notificationworker stdout | 2025-11-04 09:08:59,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:08:59,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 8, 59, 157255), True, datetime.datetime(2025, 11, 4, 9, 8, 59, 157255), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:08:59,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:08:59,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:08:59,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:09 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:08:59,408 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:08:59,617 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:09:00,625 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:09:00,712 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:09:01,486 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:09:01,484 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:09:01,491 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:03,751 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:03,750 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:03,856 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:03,864 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:03,873 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:03,884 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:03,884 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:03,887 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:03,882 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:09:04,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:09:04,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:14.140529+00:00 (in 9.999533 seconds) proxycacheblobworker stdout | 2025-11-04 09:09:04,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:14 GMT)" (scheduled at 2025-11-04 09:09:04.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:09:04,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:09:04,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 4, 141343), True, datetime.datetime(2025, 11, 4, 9, 9, 4, 141343), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:09:04,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:09:04,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:09:04,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:14 GMT)" executed successfully gcworker stdout | 2025-11-04 09:09:04,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:09:04,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:25.956600+00:00 (in 21.003737 seconds) gcworker stdout | 2025-11-04 09:09:04,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:34 GMT)" (scheduled at 2025-11-04 09:09:04.952363+00:00) gcworker stdout | 2025-11-04 09:09:04,953 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037744953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:09:04,967 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:09:04,967 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:09:04,967 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:34 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:09:07,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:09:07,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:21.254713+00:00 (in 14.001817 seconds) securityworker stdout | 2025-11-04 09:09:07,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:37 GMT)" (scheduled at 2025-11-04 09:09:07.252445+00:00) securityworker stdout | 2025-11-04 09:09:07,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:09:07,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:09:07,255 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:09:07,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:09:07,268 [93] [DEBUG] [peewee] ('SELECT Min("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,271 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,271 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:07,271 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:07,271 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:09:07,272 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 29, 39]) securityworker stdout | 2025-11-04 09:09:07,277 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 29-39 by worker securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stdout | 2025-11-04 09:09:07,277 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 29-39 securityworker stdout | 2025-11-04 09:09:07,277 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 29-39 securityworker stdout | 2025-11-04 09:09:07,277 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:09:07,277 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,277 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:09:07,277 [93] [DEBUG] [util.migrate.allocator] Left range 29-39 securityworker stdout | 2025-11-04 09:09:07,277 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 39-49 securityworker stdout | 2025-11-04 09:09:07,277 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 29-39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Left range 29-39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 39-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:09:07,278 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 39, 49]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 39-49 by worker securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 39-49 by worker securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 39-49 securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 29-39 securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Already merged with block 29-39 securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 29 securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Total range: 1-29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 39-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 29-39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 29-39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-29 securityworker stdout | 2025-11-04 09:09:07,281 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stdout | 2025-11-04 09:09:07,282 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 3, 13]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 3-13 by worker securityworker stdout | 2025-11-04 09:09:07,285 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 3-13 by worker securityworker stdout | 2025-11-04 09:09:07,285 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 3-13 securityworker stdout | 2025-11-04 09:09:07,285 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 3-13 securityworker stdout | 2025-11-04 09:09:07,285 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:09:07,285 [93] [DEBUG] [util.migrate.allocator] Total range: 1-29 securityworker stdout | 2025-11-04 09:09:07,285 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:09:07,285 [93] [DEBUG] [util.migrate.allocator] Left range 3-13 securityworker stdout | 2025-11-04 09:09:07,285 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 13-29 securityworker stdout | 2025-11-04 09:09:07,286 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 3-13 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 3-13 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Left range 3-13 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 13-29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stdout | 2025-11-04 09:09:07,286 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 18, 28]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 18-28 securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] Total range: 1-29 securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] Left range 3-13 securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] Right range 18-28 securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 13-18 securityworker stdout | 2025-11-04 09:09:07,289 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 13 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 18-28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Left range 3-13 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 18-28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 13-18 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 13 securityworker stdout | 2025-11-04 09:09:07,290 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 13, 23]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 13-23 by worker securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 13-23 by worker securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 13-23 securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 3-13 securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Already merged with block 3-13 securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Merging with block 18-28 securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 3-28 securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 13-23 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 3-13 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 3-13 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 18-28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 3-28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-29 securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Total range: 1-29 securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Right range 3-28 securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-3 securityworker stdout | 2025-11-04 09:09:07,293 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 3-28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-3 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:09:07,294 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 11]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] Merging with block 3-28 securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 28 securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] Total range: 28-29 securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 3-28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 28-29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 28-29 securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 28-29 securityworker stdout | 2025-11-04 09:09:07,297 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 28 securityworker stdout | 2025-11-04 09:09:07,298 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 28, 38]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 28-38 by worker securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 28-38 by worker securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 28-38 securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 28 securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 38 securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] Total range: 38-28 securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 28-38 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 38 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 38-28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:07,301 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:09:07,302 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 9, 19]) securityworker stdout | 2025-11-04 09:09:07,305 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 9-19 by worker securityworker stdout | 2025-11-04 09:09:07,305 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 9-19 securityworker stdout | 2025-11-04 09:09:07,305 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-19 securityworker stdout | 2025-11-04 09:09:07,305 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:09:07,305 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,305 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:09:07,306 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stdout | 2025-11-04 09:09:07,306 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-49 securityworker stdout | 2025-11-04 09:09:07,306 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 9-19 by worker securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:09:07,306 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 24, 34]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 24-34 by worker securityworker stdout | 2025-11-04 09:09:07,309 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 24-34 by worker securityworker stdout | 2025-11-04 09:09:07,309 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 24-34 securityworker stdout | 2025-11-04 09:09:07,309 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 24-34 securityworker stdout | 2025-11-04 09:09:07,309 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:09:07,309 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,309 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stdout | 2025-11-04 09:09:07,309 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stdout | 2025-11-04 09:09:07,309 [93] [DEBUG] [util.migrate.allocator] Right range 24-34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 24-34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 24-34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 24-34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-24 securityworker stdout | 2025-11-04 09:09:07,309 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-24 securityworker stdout | 2025-11-04 09:09:07,310 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stdout | 2025-11-04 09:09:07,310 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 19, 29]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-19 securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-19 securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Merging with block 24-34 securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-34 securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 24-34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Right range 9-34 securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-9 securityworker stdout | 2025-11-04 09:09:07,313 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 9-34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-9 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:09:07,314 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 1, 11]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] Merging with block 9-34 securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 34 securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] Total range: 34-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 9-34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 34-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 34-49 securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 34-49 securityworker stdout | 2025-11-04 09:09:07,318 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:09:07,319 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 37, 47]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 37-47 by worker securityworker stdout | 2025-11-04 09:09:07,322 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 37-47 by worker securityworker stdout | 2025-11-04 09:09:07,322 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 37-47 securityworker stdout | 2025-11-04 09:09:07,322 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 37-47 securityworker stdout | 2025-11-04 09:09:07,322 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:09:07,322 [93] [DEBUG] [util.migrate.allocator] Total range: 34-49 securityworker stdout | 2025-11-04 09:09:07,322 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:09:07,322 [93] [DEBUG] [util.migrate.allocator] Right range 37-47 securityworker stdout | 2025-11-04 09:09:07,322 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 34-37 securityworker stdout | 2025-11-04 09:09:07,322 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 34 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 37-47 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 37-47 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 34-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 37-47 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 34-37 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 34 securityworker stdout | 2025-11-04 09:09:07,323 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 34, 44]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 34-44 by worker securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 34-44 by worker securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 34-44 securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] Merging with block 37-47 securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 47 securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] Total range: 47-49 securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 34-44 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 37-47 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 47 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 47-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 47-49 securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 47-49 securityworker stdout | 2025-11-04 09:09:07,326 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 47 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 47 securityworker stdout | 2025-11-04 09:09:07,327 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 47, 49]) securityworker stdout | 2025-11-04 09:09:07,330 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 47-49 by worker securityworker stdout | 2025-11-04 09:09:07,330 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 47-49 securityworker stdout | 2025-11-04 09:09:07,330 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 47 securityworker stdout | 2025-11-04 09:09:07,330 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:09:07,330 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:07,330 [93] [DEBUG] [util.migrate.allocator] Total range: 49-47 securityworker stdout | 2025-11-04 09:09:07,330 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:07,330 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,330 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:07,331 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:07,331 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 47-49 by worker securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 47-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 47 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 49-47 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:09:07,331 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 38, 48]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 38-48 by worker securityworker stdout | 2025-11-04 09:09:07,335 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 38-48 by worker securityworker stdout | 2025-11-04 09:09:07,335 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 38-48 securityworker stdout | 2025-11-04 09:09:07,335 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 38-48 securityworker stdout | 2025-11-04 09:09:07,335 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:09:07,335 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,335 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:09:07,335 [93] [DEBUG] [util.migrate.allocator] Right range 38-48 securityworker stdout | 2025-11-04 09:09:07,335 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-38 securityworker stdout | 2025-11-04 09:09:07,335 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 38-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 38-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 38-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-38 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 28 securityworker stdout | 2025-11-04 09:09:07,336 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 9, 19]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 9-19 by worker securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 9-19 by worker securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 9-19 securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-19 securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 38-48 securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] Right range 38-48 securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-38 securityworker stdout | 2025-11-04 09:09:07,339 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 28 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-38 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 28 securityworker stdout | 2025-11-04 09:09:07,340 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 21, 31]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 21-31 by worker securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 21-31 by worker securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 21-31 securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 21-31 securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 4 total holes securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] Left range 21-31 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 21-31 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 21-31 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 3 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 4 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Left range 21-31 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 38-48 securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] Right range 38-48 securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 31-38 securityworker stdout | 2025-11-04 09:09:07,343 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 31 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 31-38 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 31 securityworker stdout | 2025-11-04 09:09:07,344 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 31, 41]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 21-31 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Already merged with block 21-31 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Merging with block 38-48 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 21-48 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 21-31 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 21-31 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 38-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 21-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Right range 21-48 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-21 securityworker stdout | 2025-11-04 09:09:07,347 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Left range 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 21-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 19-21 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 19 securityworker stdout | 2025-11-04 09:09:07,348 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 19, 29]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 19-29 by worker securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-19 securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-19 securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Merging with block 21-48 securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 19-29 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 9-19 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 21-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 9-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Right range 9-48 securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-9 securityworker stdout | 2025-11-04 09:09:07,351 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Right range 9-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-9 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:09:07,352 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 1, 11]) securityworker stdout | 2025-11-04 09:09:07,355 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:09:07,355 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:09:07,355 [93] [DEBUG] [util.migrate.allocator] Merging with block 9-48 securityworker stdout | 2025-11-04 09:09:07,355 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 48 securityworker stdout | 2025-11-04 09:09:07,355 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:09:07,355 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:07,355 [93] [DEBUG] [util.migrate.allocator] Total range: 48-49 securityworker stdout | 2025-11-04 09:09:07,355 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:07,355 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 48-49 securityworker stdout | 2025-11-04 09:09:07,356 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 9-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 48-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 48-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 48 securityworker stdout | 2025-11-04 09:09:07,356 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 4, 7, 257174), 48, 49]) securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 48-49 by worker securityworker stdout | 2025-11-04 09:09:07,359 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 48-49 by worker securityworker stdout | 2025-11-04 09:09:07,359 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 48-49 securityworker stdout | 2025-11-04 09:09:07,359 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 48 securityworker stdout | 2025-11-04 09:09:07,359 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:09:07,359 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:07,359 [93] [DEBUG] [util.migrate.allocator] Total range: 49-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 48-49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] Total range: 49-48 securityworker stderr | 2025-11-04 09:09:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:07,359 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:07,360 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stdout | 2025-11-04 09:09:07,360 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:37 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:09:07,444 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:09:07,445 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:37.446883+00:00 (in 30.001717 seconds) namespacegcworker stdout | 2025-11-04 09:09:07,445 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:07 GMT)" (scheduled at 2025-11-04 09:09:07.444700+00:00) namespacegcworker stdout | 2025-11-04 09:09:07,445 [76] [DEBUG] [workers.queueworker] Getting work item from queue. namespacegcworker stdout | 2025-11-04 09:09:07,446 [76] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 7, 445500), True, datetime.datetime(2025, 11, 4, 9, 9, 7, 445500), 0, 'namespacegc/%', 50, 1, 0]) namespacegcworker stdout | 2025-11-04 09:09:07,458 [76] [DEBUG] [workers.queueworker] No more work. namespacegcworker stdout | 2025-11-04 09:09:07,458 [76] [DEBUG] [data.database] Disconnecting from database. namespacegcworker stdout | 2025-11-04 09:09:07,458 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:07 GMT)" executed successfully securityworker stdout | 2025-11-04 09:09:07,715 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:09:07,907 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:09:09,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:09:09,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:19.156372+00:00 (in 9.999551 seconds) notificationworker stdout | 2025-11-04 09:09:09,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:19 GMT)" (scheduled at 2025-11-04 09:09:09.156372+00:00) notificationworker stdout | 2025-11-04 09:09:09,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:09:09,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 9, 157140), True, datetime.datetime(2025, 11, 4, 9, 9, 9, 157140), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:09:09,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:09:09,172 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:09:09,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:19 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:09,515 [247] [DEBUG] [app] Starting request: urn:request:05d477e7-4d1d-4281-8a84-a6a3e9f0d4f4 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:09:09,517 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:09:09,519 [257] [DEBUG] [app] Starting request: urn:request:5cc22e1b-6b04-4770-a5e3-649be8cd37de (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:09:09,519 [257] [DEBUG] [app] Ending request: urn:request:5cc22e1b-6b04-4770-a5e3-649be8cd37de (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:5cc22e1b-6b04-4770-a5e3-649be8cd37de', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:09:09,520 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.001) gunicorn-web stdout | 2025-11-04 09:09:09,520 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:09,521 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:09:09,522 [247] [DEBUG] [app] Starting request: urn:request:25a24d60-b73d-4583-9728-20448fdf16b3 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:09:09,523 [247] [DEBUG] [app] Ending request: urn:request:25a24d60-b73d-4583-9728-20448fdf16b3 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:25a24d60-b73d-4583-9728-20448fdf16b3', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:09:09,523 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:09:09,523 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:09,524 [247] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:09:09,524 [247] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:09:09,524 [247] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:09:09,532 [247] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:09:09,532 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:09:09,542 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:09:09,546 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:09:09,550 [247] [DEBUG] [app] Ending request: urn:request:05d477e7-4d1d-4281-8a84-a6a3e9f0d4f4 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:05d477e7-4d1d-4281-8a84-a6a3e9f0d4f4', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:09:09,550 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:09,550 [247] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:09:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:09:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.035 118 0.035) gunicorn-web stdout | 2025-11-04 09:09:09,588 [246] [DEBUG] [app] Starting request: urn:request:f11926d6-ea19-47a4-befe-d62163e694ec (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:09:09,589 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:09:09,591 [257] [DEBUG] [app] Starting request: urn:request:62833e18-318c-4555-ab47-68dd6d1c4b5d (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:09:09,591 [257] [DEBUG] [app] Ending request: urn:request:62833e18-318c-4555-ab47-68dd6d1c4b5d (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:62833e18-318c-4555-ab47-68dd6d1c4b5d', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:09:09,592 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:09:09,592 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.001) gunicorn-web stdout | 2025-11-04 09:09:09,594 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:09:09,595 [247] [DEBUG] [app] Starting request: urn:request:bcf7631e-a4c7-449e-971b-6d51b465f82f (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:09:09,595 [247] [DEBUG] [app] Ending request: urn:request:bcf7631e-a4c7-449e-971b-6d51b465f82f (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:bcf7631e-a4c7-449e-971b-6d51b465f82f', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:09:09,596 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:09,595 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:09:09,596 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:09:09,596 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:09:09,596 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:09:09,603 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:09:09,603 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:09:09,612 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:09:09,615 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:09:09,618 [246] [DEBUG] [app] Ending request: urn:request:f11926d6-ea19-47a4-befe-d62163e694ec (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:f11926d6-ea19-47a4-befe-d62163e694ec', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:09:09,618 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:09,619 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:09:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:09:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) securityscanningnotificationworker stdout | 2025-11-04 09:09:10,744 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:09:10,744 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:27.745464+00:00 (in 17.001192 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:09:10,744 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:10 GMT)" (scheduled at 2025-11-04 09:09:10.743793+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:09:10,744 [87] [DEBUG] [workers.queueworker] Getting work item from queue. securityscanningnotificationworker stdout | 2025-11-04 09:09:10,745 [87] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 10, 744621), True, datetime.datetime(2025, 11, 4, 9, 9, 10, 744621), 0, 'secscanv4/%', 50, 1, 0]) securityscanningnotificationworker stdout | 2025-11-04 09:09:10,757 [87] [DEBUG] [workers.queueworker] No more work. securityscanningnotificationworker stdout | 2025-11-04 09:09:10,757 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:09:10,757 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:10 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:09:11,040 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:09:12,236 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:12,813 [262] [DEBUG] [app] Starting request: urn:request:c5ad69d6-7037-49fc-864f-07abe264e96d (/v2/auth) {'X-Forwarded-For': '183.241.154.170, 10.129.4.13'} gunicorn-registry stdout | 2025-11-04 09:09:12,814 [262] [DEBUG] [auth.basic] Attempt to process basic auth header gunicorn-registry stdout | 2025-11-04 09:09:12,816 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) OR ("t1"."email" = %s)) LIMIT %s OFFSET %s', ['quay', 'quay', 1, 0]) gunicorn-registry stdout | 2025-11-04 09:09:12,816 [262] [DEBUG] [peewee.pool] No connection available in pool. gunicorn-registry stdout | 2025-11-04 09:09:12,823 [262] [DEBUG] [peewee.pool] Created new connection 140180670233024. pullstatsredisflushworker stdout | 2025-11-04 09:09:12,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:09:12,953 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:42.952336+00:00 (in 29.999204 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:09:12,953 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:42 GMT)" (scheduled at 2025-11-04 09:09:12.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:09:12,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:09:12,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:09:12,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:42 GMT)" executed successfully gunicorn-registry stdout | 2025-11-04 09:09:13,106 [262] [DEBUG] [auth.credentials] Successfully validated credentials for user quay gunicorn-registry stdout | 2025-11-04 09:09:13,106 [262] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-registry stdout | 2025-11-04 09:09:13,107 [262] [DEBUG] [auth.permissions] Identity loaded: gunicorn-registry stdout | 2025-11-04 09:09:13,107 [262] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-registry stdout | 2025-11-04 09:09:13,107 [262] [DEBUG] [endpoints.v2.v2auth] Request audience: quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com gunicorn-registry stdout | 2025-11-04 09:09:13,108 [262] [DEBUG] [endpoints.v2.v2auth] Scope request: ['repository:quayorg/repo1:pull'] gunicorn-registry stdout | 2025-11-04 09:09:13,108 [262] [DEBUG] [endpoints.v2.v2auth] Match: ('quayorg/repo1', 'quayorg/repo1', 'pull') gunicorn-registry stdout | 2025-11-04 09:09:13,109 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE ("t1"."username" = %s) LIMIT %s OFFSET %s', ['quayorg', 1, 0]) gunicorn-registry stdout | 2025-11-04 09:09:13,114 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:09:13,118 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:09:13,122 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:09:13,125 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1"', []) gunicorn-registry stdout | 2025-11-04 09:09:13,129 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['public', 1, 0]) gunicorn-registry stdout | 2025-11-04 09:09:13,132 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."organization_id", "t1"."creation_date", "t1"."upstream_registry", "t1"."upstream_registry_username", "t1"."upstream_registry_password", "t1"."expiration_s", "t1"."insecure" FROM "proxycacheconfig" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") WHERE (("t2"."username" = %s) AND ("t2"."organization" = %s)) LIMIT %s OFFSET %s', ['quayorg', True, 1, 0]) gunicorn-registry stdout | 2025-11-04 09:09:13,135 [262] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-registry stdout | 2025-11-04 09:09:13,135 [262] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-registry stdout | 2025-11-04 09:09:13,135 [262] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-registry stdout | 2025-11-04 09:09:13,135 [262] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-registry stdout | 2025-11-04 09:09:13,138 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-registry stdout | 2025-11-04 09:09:13,143 [262] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-registry stdout | 2025-11-04 09:09:13,144 [262] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-registry stdout | 2025-11-04 09:09:13,197 [262] [DEBUG] [app] Ending request: urn:request:c5ad69d6-7037-49fc-864f-07abe264e96d (/v2/auth) {'endpoint': 'v2.generate_registry_jwt', 'request_id': 'urn:request:c5ad69d6-7037-49fc-864f-07abe264e96d', 'remote_addr': '10.129.4.13', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/v2/auth?account=quay&scope=repository:quayorg/repo1:pull&service=quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com', 'path': '/v2/auth', 'parameters': {'account': 'quay', 'scope': 'repository:quayorg/repo1:pull', 'service': 'quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com'}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'containers/5.34.3 (github.com/containers/image)'} gunicorn-registry stdout | 2025-11-04 09:09:13,197 [262] [DEBUG] [data.database] Disconnecting from database. gunicorn-registry stdout | 2025-11-04 09:09:13,197 [262] [DEBUG] [peewee.pool] Returning 140180670233024 to pool. nginx stdout | 10.129.4.13 (-) - quay [04/Nov/2025:09:09:13 +0000] "GET /v2/auth?account=quay&scope=repository%3Aquayorg%2Frepo1%3Apull&service=quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com HTTP/1.1" 200 1083 "-" "containers/5.34.3 (github.com/containers/image)" (0.384 725 0.384) gunicorn-registry stdout | 2025-11-04 09:09:13,197 [262] [INFO] [gunicorn.access] 10.129.4.13 - quay [04/Nov/2025:09:09:13 +0000] "GET /v2/auth?account=quay&scope=repository%3Aquayorg%2Frepo1%3Apull&service=quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com HTTP/1.1" 200 1083 "-" "containers/5.34.3 (github.com/containers/image)" gunicorn-registry stdout | 2025-11-04 09:09:13,201 [262] [DEBUG] [data.userevent] Published user event docker-cli: {'action': 'pull_start', 'namespace': 'quayorg', 'repository': 'repo1'} gcworker stdout | 2025-11-04 09:09:13,553 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:09:14,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:09:14,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:24.140529+00:00 (in 9.999525 seconds) proxycacheblobworker stdout | 2025-11-04 09:09:14,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:24 GMT)" (scheduled at 2025-11-04 09:09:14.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:09:14,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:09:14,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 14, 141358), True, datetime.datetime(2025, 11, 4, 9, 9, 14, 141358), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:09:14,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:09:14,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:09:14,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:24 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:09:16,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:09:16,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:46.130127+00:00 (in 29.999194 seconds) autopruneworker stdout | 2025-11-04 09:09:16,131 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:46 GMT)" (scheduled at 2025-11-04 09:09:16.130127+00:00) autopruneworker stdout | 2025-11-04 09:09:16,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243756138, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:09:16,144 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:09:16,144 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:09:16,144 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:46 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:09:16,220 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:09:16,343 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:09:16,343 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:28.340417+00:00 (in 11.996628 seconds) exportactionlogsworker stdout | 2025-11-04 09:09:16,343 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:16 GMT)" (scheduled at 2025-11-04 09:09:16.343350+00:00) exportactionlogsworker stdout | 2025-11-04 09:09:16,344 [66] [DEBUG] [workers.queueworker] Running watchdog. exportactionlogsworker stdout | 2025-11-04 09:09:16,344 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:16,510 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:16,510 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:16,520 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:16,543 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:16,555 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:09:18,808 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:09:19,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:09:19,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:29.156372+00:00 (in 9.999481 seconds) notificationworker stdout | 2025-11-04 09:09:19,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:29 GMT)" (scheduled at 2025-11-04 09:09:19.156372+00:00) notificationworker stdout | 2025-11-04 09:09:19,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:09:19,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 19, 157271), True, datetime.datetime(2025, 11, 4, 9, 9, 19, 157271), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:09:19,172 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:09:19,172 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:09:19,172 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:29 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:09:19,245 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:09:19,245 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:20.247243+00:00 (in 1.001441 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:09:19,246 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:19 GMT)" (scheduled at 2025-11-04 09:09:19.245377+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:09:19,247 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."subject_backfilled" = %s) OR ("t1"."subject_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:09:19,258 [74] [DEBUG] [__main__] Manifest subject backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:09:19,258 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:09:19,258 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:19 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:09:19,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:09:19,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:49.635986+00:00 (in 29.999554 seconds) buildlogsarchiver stdout | 2025-11-04 09:09:19,636 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:49 GMT)" (scheduled at 2025-11-04 09:09:19.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:09:19,637 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 9, 19, 637102), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:09:19,649 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:09:19,649 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:09:19,649 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:49 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:09:20,247 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:09:20,247 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:19.245377+00:00 (in 58.997701 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:09:20,247 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:20 GMT)" (scheduled at 2025-11-04 09:09:20.247243+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:09:20,248 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."artifact_type_backfilled" = %s) OR ("t1"."artifact_type_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:09:20,261 [74] [DEBUG] [__main__] Manifest artifact_type backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:09:20,261 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:09:20,261 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:20 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:09:21,017 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: securityworker stdout | 2025-11-04 09:09:21,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:09:21,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:37.252445+00:00 (in 15.997242 seconds) securityworker stdout | 2025-11-04 09:09:21,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:51 GMT)" (scheduled at 2025-11-04 09:09:21.254713+00:00) securityworker stdout | 2025-11-04 09:09:21,256 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:09:21,256 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:09:21,258 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:09:21,261 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:21,272 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:21,273 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:21,273 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:21,273 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:09:21,274 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:21,278 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:21,278 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:09:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:09:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:09:21,279 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:21,279 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:09:21,279 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:21,279 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:21,279 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:21,279 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:21,279 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:09:21,280 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 4, 21, 261158), 1, 49]) securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:21,283 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:09:21,285 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 4, 21, 261158), 1, 49]) securityworker stdout | 2025-11-04 09:09:21,288 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:09:21,288 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:09:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:09:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:09:21,289 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:21,289 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:09:21,289 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:21,289 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:09:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:21,289 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:51 GMT)" executed successfully servicekey stdout | 2025-11-04 09:09:21,728 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:09:21,930 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:09:22,028 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:09:22,429 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:09:24,115 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:09:24,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:09:24,140 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:27.142482+00:00 (in 3.001501 seconds) proxycacheblobworker stdout | 2025-11-04 09:09:24,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:34 GMT)" (scheduled at 2025-11-04 09:09:24.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:09:24,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:09:24,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 24, 141343), True, datetime.datetime(2025, 11, 4, 9, 9, 24, 141343), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:09:24,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:09:24,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:09:24,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:34 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:24,399 [249] [DEBUG] [app] Starting request: urn:request:20c6baa4-6701-4396-a4aa-c2644e0349e0 (/api/v1/repository/quayorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:24,400 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:24,400 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:24,400 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:24,412 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:24,412 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:24,412 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:24,412 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:24,413 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:24,413 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:24,413 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:24,413 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:24,414 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:24,419 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:24,420 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:24,426 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:24,430 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:24,434 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:24,437 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:24,441 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE (("t1"."repository_id" = %s) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [10, False, 51, 0]) gunicorn-web stdout | 2025-11-04 09:09:24,446 [249] [DEBUG] [app] Ending request: urn:request:20c6baa4-6701-4396-a4aa-c2644e0349e0 (/api/v1/repository/quayorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:20c6baa4-6701-4396-a4aa-c2644e0349e0', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/tag/?limit=50&page=1', 'path': '/api/v1/repository/quayorg/repo1/tag/', 'parameters': {'limit': '50', 'page': '1'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:24,446 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:24,447 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:24 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=50&page=1 HTTP/1.0" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=history" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:24 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=50&page=1 HTTP/1.1" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=history" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.049 1752 0.049) gunicorn-web stdout | 2025-11-04 09:09:24,516 [249] [DEBUG] [app] Starting request: urn:request:609efb9b-019e-4549-9c92-12db6d05bf8c (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:09:24,517 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:09:24,518 [257] [DEBUG] [app] Starting request: urn:request:28cfa202-b3fa-4ee8-a276-9ebe0a86eb07 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:09:24,519 [257] [DEBUG] [app] Ending request: urn:request:28cfa202-b3fa-4ee8-a276-9ebe0a86eb07 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:28cfa202-b3fa-4ee8-a276-9ebe0a86eb07', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:09:24,519 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:09:24,519 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:09:24,520 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:09:24,522 [246] [DEBUG] [app] Starting request: urn:request:d672fd97-0e10-4c7c-8954-b7c091c22b12 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:09:24,523 [246] [DEBUG] [app] Ending request: urn:request:d672fd97-0e10-4c7c-8954-b7c091c22b12 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:d672fd97-0e10-4c7c-8954-b7c091c22b12', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:09:24,523 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:09:24,523 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:24,524 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:09:24,524 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:09:24,524 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:09:24,531 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:09:24,531 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:09:24,540 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:09:24,543 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:09:24,546 [249] [DEBUG] [app] Ending request: urn:request:609efb9b-019e-4549-9c92-12db6d05bf8c (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:609efb9b-019e-4549-9c92-12db6d05bf8c', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:09:24,547 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:24,547 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:09:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:09:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) gunicorn-web stdout | 2025-11-04 09:09:24,587 [246] [DEBUG] [app] Starting request: urn:request:4fa064fc-1348-433b-8c5e-a2abc424b8c4 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:09:24,587 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:09:24,589 [263] [DEBUG] [app] Starting request: urn:request:540053aa-ddb5-4bd0-a9a5-d3396e5b5370 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:09:24,590 [263] [DEBUG] [app] Ending request: urn:request:540053aa-ddb5-4bd0-a9a5-d3396e5b5370 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:540053aa-ddb5-4bd0-a9a5-d3396e5b5370', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:09:24,590 [263] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:09:24,590 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:09:24,591 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:09:24,592 [249] [DEBUG] [app] Starting request: urn:request:e04651d7-5b6a-465a-87a3-e220461565b1 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:09:24,593 [249] [DEBUG] [app] Ending request: urn:request:e04651d7-5b6a-465a-87a3-e220461565b1 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:e04651d7-5b6a-465a-87a3-e220461565b1', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:09:24,593 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:09:24,593 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:09:24,594 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:09:24,594 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:09:24,594 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:09:24,601 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:09:24,601 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:09:24,612 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:09:24,615 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:09:24,618 [246] [DEBUG] [app] Ending request: urn:request:4fa064fc-1348-433b-8c5e-a2abc424b8c4 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:4fa064fc-1348-433b-8c5e-a2abc424b8c4', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:09:24,618 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:09:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) gunicorn-web stdout | 2025-11-04 09:09:24,618 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:09:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" globalpromstats stdout | 2025-11-04 09:09:25,708 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:25,710 [248] [DEBUG] [app] Starting request: urn:request:fbba200f-9675-49d0-b442-ca8acd7f6801 (/api/v1/repository/quayorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:25,710 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:25,710 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:25,711 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:25,722 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:25,722 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:25,722 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:25,723 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:25,723 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:25,723 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:25,723 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:25,723 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:25,724 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:25,729 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:25,730 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:25,736 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:25,740 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:25,744 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:25,747 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:25,751 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE ((("t1"."repository_id" = %s) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [10, None, 1762247365751, False, 101, 0]) gunicorn-web stdout | 2025-11-04 09:09:25,756 [248] [DEBUG] [app] Ending request: urn:request:fbba200f-9675-49d0-b442-ca8acd7f6801 (/api/v1/repository/quayorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:fbba200f-9675-49d0-b442-ca8acd7f6801', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true', 'path': '/api/v1/repository/quayorg/repo1/tag/', 'parameters': {'limit': '100', 'page': '1', 'onlyActiveTags': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:25,757 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:25 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.1" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.048 1770 0.048) gunicorn-web stdout | 2025-11-04 09:09:25,757 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:25 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.0" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" quotaregistrysizeworker stdout | 2025-11-04 09:09:25,938 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:09:25,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:09:25,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:34.952363+00:00 (in 8.995316 seconds) gcworker stdout | 2025-11-04 09:09:25,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:55 GMT)" (scheduled at 2025-11-04 09:09:25.956600+00:00) gcworker stdout | 2025-11-04 09:09:25,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:09:25,968 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762247065967, None, 1, 0]) gcworker stdout | 2025-11-04 09:09:25,971 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:09:25,972 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:09:55 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:26,150 [246] [DEBUG] [app] Starting request: urn:request:74fbe442-1335-4636-9220-2a059a1c4368 (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:26,150 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,150 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,151 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,162 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:26,162 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:26,162 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,162 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:26,163 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,163 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,163 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,163 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,164 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,168 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,169 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,175 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,180 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,183 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,187 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,191 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', None, 1762247366190, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,195 [246] [DEBUG] [app] Ending request: urn:request:74fbe442-1335-4636-9220-2a059a1c4368 (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:74fbe442-1335-4636-9220-2a059a1c4368', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', 'parameters': {'include_modelcard': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:26,196 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:26,196 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.0" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.1" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.048 1817 0.048) chunkcleanupworker stdout | 2025-11-04 09:09:26,231 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:26,551 [246] [DEBUG] [app] Starting request: urn:request:6e923499-3759-42ed-923d-1e236606c55c (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:26,551 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,551 [249] [DEBUG] [app] Starting request: urn:request:01792a93-82e8-4bf3-a4d8-695d3c0ac356 (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:26,551 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,551 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,551 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,551 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,552 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,553 [247] [DEBUG] [app] Starting request: urn:request:8eab3f92-ff12-411a-b29b-34d46978b507 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:26,554 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,554 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,554 [248] [DEBUG] [app] Starting request: urn:request:39df423e-b990-4469-84f8-c03af0a163eb (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:26,554 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,554 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,554 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,555 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,564 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:26,564 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:26,564 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:26,564 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,564 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:26,564 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,564 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:26,564 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,564 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:26,564 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,564 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,564 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,564 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,564 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,564 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,564 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,566 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,566 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,566 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:26,566 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:26,566 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,566 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:26,566 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,566 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,566 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,566 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,567 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:26,567 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:26,567 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,567 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:26,567 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,567 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,567 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,567 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,567 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,569 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,571 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,571 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,572 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,572 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,573 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,573 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,574 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,575 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,578 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,578 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,580 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,580 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,583 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,583 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,585 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,586 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,586 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,586 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,589 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,589 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,590 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,590 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,592 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,593 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,593 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,594 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247366593, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,595 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247366595, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,597 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247366596, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,597 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,598 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247366598, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,600 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 gunicorn-web stdout | 2025-11-04 09:09:26,600 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247366600, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,601 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247366601, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,602 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,604 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,606 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,607 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,609 [247] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,610 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['ef9abce7-c4cd-4ded-b01d-2c5ccca4b9ee']) gunicorn-web stdout | 2025-11-04 09:09:26,611 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,612 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['3ba345dd-d3e5-49bf-92a4-9f3634520db3']) gunicorn-web stdout | 2025-11-04 09:09:26,606 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19: {'manifest_hash': 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'packages': {'1208': {'id': '1208', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1212': {'id': '1212', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1048': {'id': '1048', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1092': {'id': '1092', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'amd64'}, '1146': {'id': '1146', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'amd64'}, '1182': {'id': '1182', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'amd64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1058': {'id': '1058', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1066': {'id': '1066', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1102': {'id': '1102', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1138': {'id': '1138', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1156': {'id': '1156', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1192': {'id': '1192', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'amd64'}, '1206': {'id': '1206', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'amd64'}, '1078': {'id': '1078', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1098': {'id': '1098', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'amd64'}, '1110': {'id': '1110', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1142': {'id': '1142', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1160': {'id': '1160', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1168': {'id': '1168', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1180': {'id': '1180', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1088': {'id': '1088', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1090': {'id': '1090', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1108': {'id': '1108', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1116': {'id': '1116', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'amd64'}, '1128': {'id': '1128', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1154': {'id': '1154', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1178': {'id': '1178', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1198': {'id': '1198', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1038': {'id': '1038', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'amd64'}, '1118': {'id': '1118', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1124': {'id': '1124', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1134': {'id': '1134', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1144': {'id': '1144', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1164': {'id': '1164', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1216': {'id': '1216', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1064': {'id': '1064', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1084': {'id': '1084', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1120': {'id': '1120', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1234': {'id': '1234', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'amd64'}, '1060': {'id': '1060', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1218': {'id': '1218', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1224': {'id': '1224', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1094': {'id': '1094', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1122': {'id': '1122', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1086': {'id': '1086', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'amd64'}, '1042': {'id': '1042', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1056': {'id': '1056', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'amd64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1074': {'id': '1074', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1150': {'id': '1150', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1200': {'id': '1200', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1202': {'id': '1202', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1052': {'id': '1052', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1082': {'id': '1082', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1096': {'id': '1096', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1100': {'id': '1100', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1196': {'id': '1196', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1070': {'id': '1070', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1104': {'id': '1104', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1172': {'id': '1172', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1174': {'id': '1174', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1184': {'id': '1184', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1190': {'id': '1190', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1226': {'id': '1226', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1232': {'id': '1232', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1112': {'id': '1112', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1114': {'id': '1114', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1136': {'id': '1136', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1158': {'id': '1158', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'amd64'}, '1214': {'id': '1214', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1046': {'id': '1046', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1062': {'id': '1062', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1106': {'id': '1106', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'amd64'}, '1162': {'id': '1162', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1036': {'id': '1036', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1054': {'id': '1054', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1076': {'id': '1076', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1130': {'id': '1130', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1148': {'id': '1148', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1220': {'id': '1220', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1044': {'id': '1044', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1140': {'id': '1140', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1170': {'id': '1170', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1176': {'id': '1176', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'amd64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1040': {'id': '1040', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'amd64'}, '1068': {'id': '1068', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'amd64'}, '1126': {'id': '1126', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1132': {'id': '1132', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1188': {'id': '1188', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1194': {'id': '1194', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1212': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1174': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1058': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1042': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1036': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1160': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1218': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1194': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1088': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - gunicorn-web stdout | 2025-11-04 09:09:26,613 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package gunicorn-web stdout | versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': gunicorn-web stdout | '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2 gunicorn-web stdout | 2025-11-04 09:09:26,614 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d2b6678e-4d11-4167-b4ca-83ed7b72ea7f']) gunicorn-web stdout | 025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jamm gunicorn-web stdout | 2025-11-04 09:09:26,616 [247] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | y', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly gunicorn-web stdout | restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}}, 'package_vulnerabilities': {'1190': ['2790713', '2259833', '1672464', '1523094'], '1056': ['2843395'], '1062': ['2120044', '1146399'], '1216': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1234': ['1518586'], '1186': ['960164'], '1184': ['2837900', '2228805', '2007548', '1266661'], '1174': ['980572'], '1130': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1044': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1182': ['2428498', '960182'], '1180': ['2790703', '2259827', '1672454', '1523087'], '1090': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1118': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1140': ['2837880', '2228793', '2007536', '1266500'], '1110': ['2485497'], '1208': ['2499870'], '1156': ['1540355', '983329', '982616'], '1154': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1232': ['2499877'], '1226': ['2790153', '2112903', '1696964'], '1202': ['980580'], '1198': ['1700452'], '1046': ['2815552', '451117'], '1058': ['980539'], '1128': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1108': ['2121322', '1148428'], '1124': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1104': ['980564'], '1158': ['456116'], '1194': ['2499866'], '1218': ['2114483'], '1172': ['2499856'], '1064': ['2764035', '1506477', '1357966'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1160': ['2114475'], '1042': ['1516509'], '1114': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1136': ['2499847'], '1176': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1148': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1200': ['2609399', '2206787', '2005450', '439420'], '1188': ['960172'], '1178': ['2121872', '1148585'], '1096': ['980557'], '1214': ['2609409', '2206794', '2005452', '439426'], '1088': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1094': ['2665338', '1988933', '1988914'], '1212': ['2837991', '2228820', '2007560', '1266677'], '1138': ['2837871', '2228777', '2007527', '1266440'], '1084': ['2499829'], '1150': ['2854573', '2836745', '2485520', '2418389', '1257888']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'} gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,617 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:26,618 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,618 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,619 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:26,619 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090926Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:26,619 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090926Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | a6ff56bc57203b2647de702be49f8d36ca0035f0c3d7039d2cd9f6362963f0c1 gunicorn-web stdout | 2025-11-04 09:09:26,619 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 1d15667c807e48a60019b439523c91ed1df3529b1a88ecca323fa7c6239f7dd1 gunicorn-web stdout | 2025-11-04 09:09:26,619 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,619 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:26,619 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,619 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090926Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=1d15667c807e48a60019b439523c91ed1df3529b1a88ecca323fa7c6239f7dd1', 'amz-sdk-invocation-id': b'9eb9619d-fe99-4b2e-a152-716aa71eee89', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:26,619 [247] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:26,620 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'} gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:26,620 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:09:26,620 [247] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090926Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:26,621 [247] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090926Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | f5080cbe072b2df44c7fd3416b22b2afc7347fff49a02ebe1a820dbe1d3c8c3d gunicorn-web stdout | 2025-11-04 09:09:26,622 [247] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 48d6bc45e98b84865bceace0c11bbf6d90208f977d6aea522a2847fcd3ed6e99 gunicorn-web stdout | 2025-11-04 09:09:26,622 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,622 [247] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:26,622 [247] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,622 [247] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090926Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=48d6bc45e98b84865bceace0c11bbf6d90208f977d6aea522a2847fcd3ed6e99', 'amz-sdk-invocation-id': b'e5285670-b054-4b60-b1f2-870f8467a23d', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:26,622 [249] [DEBUG] [app] Starting request: urn:request:5c463143-5153-456b-92e3-3240aab6378b (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:26,622 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:26,622 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,622 [247] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:26,622 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,622 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'} gunicorn-web stdout | 2025-11-04 09:09:26,622 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:26,623 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:26,623 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,623 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090926Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090926Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | bb349901bdd14bffcea86ed179fb2af7473153f2a5f5471d4b831f12602a3037 gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 6be4f993cedde0ed3c371b4986e040cadb84f6cedfda8c0638280c82f132d51a gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,624 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090926Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=6be4f993cedde0ed3c371b4986e040cadb84f6cedfda8c0638280c82f132d51a', 'amz-sdk-invocation-id': b'a9653a87-919d-4090-95b8-7f8a58edb4fc', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:26,625 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:26,625 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:09:26,625 [247] [DEBUG] [app] Starting request: urn:request:0961f0c6-47da-48f3-a49f-128a44cb07fd (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:26,626 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,626 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,626 [246] [DEBUG] [app] Ending request: urn:request:6e923499-3759-42ed-923d-1e236606c55c (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:6e923499-3759-42ed-923d-1e236606c55c', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:26,626 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:26,626 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.079 1824 0.079) gunicorn-web stdout | 2025-11-04 09:09:26,628 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:26,636 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:26,636 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:26,636 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,636 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:26,636 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,636 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,636 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,636 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,637 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,638 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:26,638 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:26,638 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,638 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:26,638 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:26,638 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,638 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,638 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,640 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,642 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,643 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,645 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:26,646 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,648 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,652 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,653 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,657 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,657 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,660 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,660 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,663 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247366663, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,664 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,667 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,669 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247366668, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,672 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,673 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,675 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 gunicorn-web stdout | 2025-11-04 09:09:26,677 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,681 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['64839d2b-ddf6-483e-a320-f8d7b00033ad']) gunicorn-web stdout | 2025-11-04 09:09:26,684 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:26,685 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:26,685 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'} gunicorn-web stdout | 2025-11-04 09:09:26,685 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,685 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,686 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,686 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,686 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,686 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,686 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,679 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13: {'manifest_hash': 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'packages': {'1254': {'id': '1254', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1256': {'id': '1256', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1266': {'id': '1266', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1240': {'id': '1240', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'armhf'}, '1400': {'id': '1400', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1436': {'id': '1436', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'armhf'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1344': {'id': '1344', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1386': {'id': '1386', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1422': {'id': '1422', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1312': {'id': '1312', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1322': {'id': '1322', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1326': {'id': '1326', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1366': {'id': '1366', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1434': {'id': '1434', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1270': {'id': '1270', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'armhf'}, '1278': {'id': '1278', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1294': {'id': '1294', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'armhf'}, '1380': {'id': '1380', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1402': {'id': '1402', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1416': {'id': '1416', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1420': {'id': '1420', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1330': {'id': '1330', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1238': {'id': '1238', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1246': {'id': '1246', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1356': {'id': '1356', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1358': {'id': '1358', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1374': {'id': '1374', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1414': {'id': '1414', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1328': {'id': '1328', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1350': {'id': '1350', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1410': {'id': '1410', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1418': {'id': '1418', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1426': {'id': '1426', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1244': {'id': '1244', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1258': {'id': '1258', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'armhf'}, '1260': {'id': '1260', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1264': {'id': '1264', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1302': {'id': '1302', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1318': {'id': '1318', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'armhf'}, '1336': {'id': '1336', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1340': {'id': '1340', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1250': {'id': '1250', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1268': {'id': '1268', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1296': {'id': '1296', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1320': {'id': '1320', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1364': {'id': '1364', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1370': {'id': '1370', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1390': {'id': '1390', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1396': {'id': '1396', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1276': {'id': '1276', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1308': {'id': '1308', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'armhf'}, '1314': {'id': '1314', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1398': {'id': '1398', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1248': {'id': '1248', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1280': {'id': '1280', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1290': {'id': '1290', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1378': {'id': '1378', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'armhf'}, '1384': {'id': '1384', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'armhf'}, '1392': {'id': '1392', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1292': {'id': '1292', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1310': {'id': '1310', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1324': {'id': '1324', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1332': {'id': '1332', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1338': {'id': '1338', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1382': {'id': '1382', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1404': {'id': '1404', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1262': {'id': '1262', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1284': {'id': '1284', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1334': {'id': '1334', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1342': {'id': '1342', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1348': {'id': '1348', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'armhf'}, '1394': {'id': '1394', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'armhf'}, '1408': {'id': '1408', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'armhf'}, '1298': {'id': '1298', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1304': {'id': '1304', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1242': {'id': '1242', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'armhf'}, '1286': {'id': '1286', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1288': {'id': '1288', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'armhf'}, '1362': {'id': '1362', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1272': {'id': '1272', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1306': {'id': '1306', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1316': {'id': '1316', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1360': {'id': '1360', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'armhf'}, '1376': {'id': '1376', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1428': {'id': '1428', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1300': {'id': '1300', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'armhf'}, '1346': {'id': '1346', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1352': {'id': '1352', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1372': {'id': '1372', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'armhf'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1382': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1384': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1262': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1300': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1420': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1436': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1266': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1256': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1260': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1380': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1386': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1328': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1334': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1398': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1404': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1418': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1390': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1408': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1422': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1244': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1272': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1318': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1340': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1360': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1416': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1248': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1310': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1344': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1358': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1370': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1402': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1280': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1308': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1316': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1324': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1348': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1396': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1434': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1306': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1362': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1378': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1428': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1292': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1302': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1350': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1410': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1426': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1320': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1326': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1246': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1276': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1304': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1238': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1268': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1286': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1314': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1330': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1332': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1336': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1338': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1250': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1284': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1288': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1322': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1342': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1392': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1400': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1258': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1294': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1346': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1352': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1374': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1394': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1414': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1254': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1264': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1270': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1296': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1312': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1364': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1366': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1376': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1278': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1290': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1298': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1356': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1372': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this bein gunicorn-web stdout | g detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' gunicorn-web stdout | 2025-11-04 09:09:26,686 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22 gunicorn-web stdout | 2025-11-04 09:09:26,687 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 HTTP/1.1" 200 1465 gunicorn-web stdout | .04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates gunicorn-web stdout | 2025-11-04 09:09:26,688 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckykg-dowk66-1csw', 'x-amz-id-2': 'mhkckykg-dowk66-1csw', 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:26 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:26,688 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35- gunicorn-web stdout | 0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. gunicorn-web stdout | 2025-11-04 09:09:26,688 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:26,688 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/ gunicorn-web stdout | USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}}, 'package_vulnerabilities': {'1296': ['2665338', '1988933', '1988914'], '1378': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1380': ['2121872', '1148585'], '1418': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1266': ['2764035', '1506477', '1357966'], '1428': ['2790153', '2112903', '1696964'], '1392': ['2790713', '2259833', '1672464', '1523094'], '1356': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1244': ['1516509'], '1436': ['1518586'], '1260': ['980539'], '1416': ['2609409', '2206794', '2005452', '439426'], '1292': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1358': ['1540355', '983329', '982616'], '1312': ['2485497'], '1384': ['2428498', '960182'], '1402': ['2609399', '2206787', '2005450', '439420'], '1400': ['1700452'], '1248': ['2815552', '451117'], '1386': ['2837900', '2228805', '2007548', '1266661'], '1376': ['980572'], '1420': ['2114483'], '1396': ['2499866'], '1362': ['2114475'], '1298': ['980557'], '1316': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1374': ['2499856'], '1404': ['980580'], '1246': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1414': ['2837991', '2228820', '2007560', '1266677'], '1350': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1434': ['2499877'], '1330': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1382': ['2790703', '2259827', '1672454', '1523087'], '1290': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1264': ['2120044', '1146399'], '1186': ['960164'], '1390': ['960172'], '1310': ['2121322', '1148428'], '1258': ['2843395'], '1306': ['980564'], '1342': ['2837880', '2228793', '2007536', '1266500'], '1286': ['2499829'], '1320': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1360': ['456116'], '1326': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1410': ['2499870'], '1332': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1338': ['2499847'], '1352': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1340': ['2837871', '2228777', '2007527', '1266440']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:26,690 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:26,691 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,691 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:26,691 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,691 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,691 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,691 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,691 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,691 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkckykg-dowk66-1csw', 'HostId': 'mhkckykg-dowk66-1csw', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckykg-dowk66-1csw', 'x-amz-id-2': 'mhkckykg-dowk66-1csw', 'etag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:26 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 7, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:26,691 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:26,691 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090926Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090926Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | dfe7d7315988db3cd4a2e6b3b96c1fb5e30a7b99c021da6f54793b10a8c1bbaa gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 210f8a351981eb7c263c540cc27d92184d110a187a35c181a8a9ae8d183874f8 gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,692 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090926Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=210f8a351981eb7c263c540cc27d92184d110a187a35c181a8a9ae8d183874f8', 'amz-sdk-invocation-id': b'cfbba435-1135-43e1-bb29-acf0bf2ea29a', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:26,693 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:26,693 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,693 [249] [DEBUG] [urllib3.connectionpool] Starting new HTTPS connection (2): s3.openshift-storage.svc.cluster.local:443 gunicorn-web stdout | 2025-11-04 09:09:26,697 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 10, 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,701 [248] [DEBUG] [app] Ending request: urn:request:39df423e-b990-4469-84f8-c03af0a163eb (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:39df423e-b990-4469-84f8-c03af0a163eb', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:26,702 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:26,703 [247] [DEBUG] [app] Ending request: urn:request:0961f0c6-47da-48f3-a49f-128a44cb07fd (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:0961f0c6-47da-48f3-a49f-128a44cb07fd', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:26,703 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.151 1794 0.151) gunicorn-web stdout | 2025-11-04 09:09:26,704 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.150 1824 0.151) gunicorn-web stdout | 2025-11-04 09:09:26,705 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:26,749 [247] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf HTTP/1.1" 200 1478 gunicorn-web stdout | 2025-11-04 09:09:26,750 [247] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckymq-f1cz3a-80n', 'x-amz-id-2': 'mhkckymq-f1cz3a-80n', 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1478', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:26 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:26,750 [247] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:26,750 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,750 [247] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:26,750 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,750 [247] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,750 [247] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkckymq-f1cz3a-80n', 'HostId': 'mhkckymq-f1cz3a-80n', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckymq-f1cz3a-80n', 'x-amz-id-2': 'mhkckymq-f1cz3a-80n', 'etag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'content-type': 'application/octet-stream', 'content-length': '1478', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:26 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 58, tzinfo=tzutc()), 'ContentLength': 1478, 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:26,752 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,756 [247] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 10, 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,760 [247] [DEBUG] [app] Ending request: urn:request:8eab3f92-ff12-411a-b29b-34d46978b507 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:8eab3f92-ff12-411a-b29b-34d46978b507', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:26,761 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:26,762 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.209 1794 0.209) gunicorn-web stdout | 2025-11-04 09:09:26,763 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee HTTP/1.1" 200 1463 gunicorn-web stdout | 2025-11-04 09:09:26,763 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckyn4-f9m67v-cx4', 'x-amz-id-2': 'mhkckyn4-f9m67v-cx4', 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1463', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:26 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:26,764 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:26,764 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,765 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:26,765 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,765 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,765 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkckyn4-f9m67v-cx4', 'HostId': 'mhkckyn4-f9m67v-cx4', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckyn4-f9m67v-cx4', 'x-amz-id-2': 'mhkckyn4-f9m67v-cx4', 'etag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'content-type': 'application/octet-stream', 'content-length': '1463', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:26 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 46, tzinfo=tzutc()), 'ContentLength': 1463, 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:26,766 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,770 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 1, 10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,775 [249] [DEBUG] [app] Ending request: urn:request:01792a93-82e8-4bf3-a4d8-695d3c0ac356 (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:01792a93-82e8-4bf3-a4d8-695d3c0ac356', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:26,775 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:26,776 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.227 1794 0.227) gunicorn-web stdout | 2025-11-04 09:09:26,776 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 HTTP/1.1" 200 1465 gunicorn-web stdout | 2025-11-04 09:09:26,776 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckyn5-fagws0-3yh', 'x-amz-id-2': 'mhkckyn5-fagws0-3yh', 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:26 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:26,776 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:26,777 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:26,777 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:26,777 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,777 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:26,777 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkckyn5-fagws0-3yh', 'HostId': 'mhkckyn5-fagws0-3yh', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckyn5-fagws0-3yh', 'x-amz-id-2': 'mhkckyn5-fagws0-3yh', 'etag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:26 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 14, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:26,778 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:26,782 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 1, 10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1]) gunicorn-web stdout | 2025-11-04 09:09:26,786 [249] [DEBUG] [app] Ending request: urn:request:5c463143-5153-456b-92e3-3240aab6378b (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:5c463143-5153-456b-92e3-3240aab6378b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:26,787 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:26,787 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:26 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.232 1794 0.232) proxycacheblobworker stdout | 2025-11-04 09:09:26,933 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:27,046 [246] [DEBUG] [app] Starting request: urn:request:5e9333db-c312-4ab6-bb93-bfb77b12c122 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:27,046 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,046 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,047 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,060 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:27,060 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:27,060 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,060 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:27,060 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,060 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,061 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,061 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,062 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) repositorygcworker stdout | 2025-11-04 09:09:27,064 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:09:27,064 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:51.065407+00:00 (in 24.001038 seconds) repositorygcworker stdout | 2025-11-04 09:09:27,064 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:27 GMT)" (scheduled at 2025-11-04 09:09:27.063966+00:00) repositorygcworker stdout | 2025-11-04 09:09:27,064 [86] [DEBUG] [workers.queueworker] Getting work item from queue. repositorygcworker stdout | 2025-11-04 09:09:27,065 [86] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 27, 64943), True, datetime.datetime(2025, 11, 4, 9, 9, 27, 64943), 0, 'repositorygc/%', 50, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,067 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,068 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,073 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) repositorygcworker stdout | 2025-11-04 09:09:27,076 [86] [DEBUG] [workers.queueworker] No more work. repositorygcworker stdout | 2025-11-04 09:09:27,076 [86] [DEBUG] [data.database] Disconnecting from database. repositorygcworker stdout | 2025-11-04 09:09:27,077 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:27 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:27,079 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,082 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,085 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,088 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247367088, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,093 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247367093, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,098 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,098 [249] [DEBUG] [app] Starting request: urn:request:994bf96b-3a32-4da0-8156-2c66a34f3c38 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:27,098 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,098 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,099 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,102 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,107 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['f575e9f5-0cf3-43f0-8b1b-0f1457f07e69']) gunicorn-web stdout | 2025-11-04 09:09:27,110 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:27,110 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:27,110 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:27,110 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,110 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:27,111 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,111 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,111 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,111 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,112 [247] [DEBUG] [app] Starting request: urn:request:437c3d71-35ac-41ac-b66f-f8f4466a113c (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:27,112 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:27,112 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,112 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,112 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,112 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'} gunicorn-web stdout | 2025-11-04 09:09:27,112 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,112 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,112 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,112 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,112 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,113 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,113 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,114 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,114 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,114 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:27,114 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090927Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:27,114 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090927Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 649b01ca17b41f6450fbc0b5cd34560398cce06d3ba7e3f53bada5fff241d715 gunicorn-web stdout | 2025-11-04 09:09:27,114 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 8e8f09078355f4b0daa333d0132316cda606adcdab8c8c5eddb5ca88d9dd2fda gunicorn-web stdout | 2025-11-04 09:09:27,114 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,115 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:27,115 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,115 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090927Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=8e8f09078355f4b0daa333d0132316cda606adcdab8c8c5eddb5ca88d9dd2fda', 'amz-sdk-invocation-id': b'a47f8520-b7d5-4a90-b7e7-97f0432f638b', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:27,115 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:27,116 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:09:27,117 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,119 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,119 [246] [DEBUG] [app] Starting request: urn:request:4d23565a-c80f-411a-859f-99f6ff9beb6e (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:27,120 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,120 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,121 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,123 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:27,123 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:27,123 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,124 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:27,124 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,124 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,124 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,124 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,124 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,125 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,129 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,131 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,132 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,132 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:27,132 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:27,132 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,133 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,133 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:27,133 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,133 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,133 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,133 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,134 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,136 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,138 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,139 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,140 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,140 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) proxycacheblobworker stdout | 2025-11-04 09:09:27,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:09:27,143 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:34.140529+00:00 (in 6.997306 seconds) proxycacheblobworker stdout | 2025-11-04 09:09:27,143 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:27 GMT)" (scheduled at 2025-11-04 09:09:27.142482+00:00) proxycacheblobworker stdout | 2025-11-04 09:09:27,143 [79] [DEBUG] [workers.queueworker] Running watchdog. proxycacheblobworker stdout | 2025-11-04 09:09:27,143 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:27 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:27,143 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,143 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,146 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,147 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,147 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 gunicorn-web stdout | 2025-11-04 09:09:27,150 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,151 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,154 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247367154, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,155 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,151 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8: {'manifest_hash': 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1464': {'id': '1464', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1502': {'id': '1502', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'arm64'}, '1522': {'id': '1522', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1550': {'id': '1550', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'arm64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1448': {'id': '1448', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1474': {'id': '1474', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1544': {'id': '1544', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1600': {'id': '1600', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1616': {'id': '1616', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1628': {'id': '1628', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1636': {'id': '1636', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1452': {'id': '1452', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1480': {'id': '1480', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1504': {'id': '1504', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1554': {'id': '1554', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1508': {'id': '1508', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1548': {'id': '1548', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1566': {'id': '1566', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1568': {'id': '1568', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1578': {'id': '1578', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1620': {'id': '1620', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1494': {'id': '1494', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1542': {'id': '1542', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1558': {'id': '1558', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1576': {'id': '1576', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1624': {'id': '1624', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1450': {'id': '1450', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1478': {'id': '1478', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1574': {'id': '1574', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1604': {'id': '1604', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1456': {'id': '1456', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1492': {'id': '1492', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1498': {'id': '1498', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1516': {'id': '1516', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1532': {'id': '1532', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1540': {'id': '1540', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1598': {'id': '1598', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1560': {'id': '1560', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1584': {'id': '1584', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1586': {'id': '1586', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'arm64'}, '1606': {'id': '1606', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1610': {'id': '1610', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'arm64'}, '1612': {'id': '1612', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1638': {'id': '1638', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'arm64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1440': {'id': '1440', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1490': {'id': '1490', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'arm64'}, '1546': {'id': '1546', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1572': {'id': '1572', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1580': {'id': '1580', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'arm64'}, '1458': {'id': '1458', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1514': {'id': '1514', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1528': {'id': '1528', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1530': {'id': '1530', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1564': {'id': '1564', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1520': {'id': '1520', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'arm64'}, '1524': {'id': '1524', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1596': {'id': '1596', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'arm64'}, '1618': {'id': '1618', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1622': {'id': '1622', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1466': {'id': '1466', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1470': {'id': '1470', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1486': {'id': '1486', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1500': {'id': '1500', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1630': {'id': '1630', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1446': {'id': '1446', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1482': {'id': '1482', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1488': {'id': '1488', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1496': {'id': '1496', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'arm64'}, '1534': {'id': '1534', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1536': {'id': '1536', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1538': {'id': '1538', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1444': {'id': '1444', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'arm64'}, '1460': {'id': '1460', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'arm64'}, '1462': {'id': '1462', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1510': {'id': '1510', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'arm64'}, '1552': {'id': '1552', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1562': {'id': '1562', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'arm64'}, '1582': {'id': '1582', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1442': {'id': '1442', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'arm64'}, '1472': {'id': '1472', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'arm64'}, '1526': {'id': '1526', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1588': {'id': '1588', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1602': {'id': '1602', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1506': {'id': '1506', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1512': {'id': '1512', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1518': {'id': '1518', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1592': {'id': '1592', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1594': {'id': '1594', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1468': {'id': '1468', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1628': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1462': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1480': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1490': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1540': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1546': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1528': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1550': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1552': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1588': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1486': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1494': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1510': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1512': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1522': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1524': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1560': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1574': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1536': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1538': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1572': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1496': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1504': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1508': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1530': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1584': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1600': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1612': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1466': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1482': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1548': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1620': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1624': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1636': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1464': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1452': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1516': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1554': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1566': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1568': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1468': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1500': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1506': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1564': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1594': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1596': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1598': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1444': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1502': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1602': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1604': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1616': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1446': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1498': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1526': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1544': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1592': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1630': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1440': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1456': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1474': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1520': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1542': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1578': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1448': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1450': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1582': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1622': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1458': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1492': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1532': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1534': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1586': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1470': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1472': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1488': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1514': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1558': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1562': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1638': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1460': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1478': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1576': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1606': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1610': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1618': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1442': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1518': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1580': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; i gunicorn-web stdout | 2025-11-04 09:09:27,158 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | t does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instru gunicorn-web stdout | ctions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util gunicorn-web stdout | -linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubunt gunicorn-web stdout | 2025-11-04 09:09:27,160 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247367159, False, 1, 0]) gunicorn-web stdout | u', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy gunicorn-web stdout | ', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fix gunicorn-web stdout | ed_in_version': '0:2.35-0ubuntu3.8'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}}, 'package_vulnerabilities': {'1518': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1616': ['2837991', '2228820', '2007560', '1266677'], '1560': ['1540355', '983329', '982616'], '1638': ['1518586'], '1552': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1492': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1554': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1542': ['2837871', '2228777', '2007527', '1266440'], '1592': ['960172'], '1636': ['2499877'], '1186': ['960164'], '1630': ['2790153', '2112903', '1696964'], '1494': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1564': ['2114475'], '1528': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1522': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1558': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1534': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1586': ['2428498', '960182'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1594': ['2790713', '2259833', '1672464', '1523094'], '1588': ['2837900', '2228805', '2007548', '1266661'], '1580': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1488': ['2499829'], '1620': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1468': ['2764035', '1506477', '1357966'], '1460': ['2843395'], '1582': ['2121872', '1148585'], '1584': ['2790703', '2259827', '1672454', '1523087'], '1598': ['2499866'], '1532': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1562': ['456116'], '1576': ['2499856'], '1604': ['2609399', '2206787', '2005450', '439420'], '1498': ['2665338', '1988933', '1988914'], '1612': ['2499870'], '1514': ['2485497'], '1540': ['2499847'], '1512': ['2121322', '1148428'], '1622': ['2114483'], '1578': ['980572'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1450': ['2815552', '451117'], '1606': ['980580'], '1448': ['2499906'], '1544': ['2837880', '2228793', '2007536', '1266500'], '1618': ['2609409', '2206794', '2005452', '439426'], '1466': ['2120044', '1146399'], '1446': ['1516509'], '1508': ['980564'], '1602': ['1700452'], '1500': ['980557'], '1462': ['980539']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:27,162 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,166 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,166 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,169 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde gunicorn-web stdout | 2025-11-04 09:09:27,170 [247] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,171 [249] [DEBUG] [app] Ending request: urn:request:994bf96b-3a32-4da0-8156-2c66a34f3c38 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:994bf96b-3a32-4da0-8156-2c66a34f3c38', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:27,172 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:27,172 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.076 1824 0.075) gunicorn-web stdout | 2025-11-04 09:09:27,174 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['c3748d9b-83f1-4f7e-a201-a59de1165e5d']) gunicorn-web stdout | 2025-11-04 09:09:27,178 [247] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:27,179 [247] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:27,179 [247] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'} gunicorn-web stdout | 2025-11-04 09:09:27,179 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,179 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,179 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,179 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,179 [247] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,179 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,179 [247] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090927Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:27,180 [247] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090927Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 65bcac83c61c7a083285bba40177d2902d182ee182f49e3265406ebb5096dd6e gunicorn-web stdout | 2025-11-04 09:09:27,181 [247] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | d32d248f1dbcb270fd7e20fb035c0da77eaceefb0da71dbcc71eaa2bcbd4add4 gunicorn-web stdout | 2025-11-04 09:09:27,181 [247] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,181 [247] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:27,181 [247] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,181 [247] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090927Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=d32d248f1dbcb270fd7e20fb035c0da77eaceefb0da71dbcc71eaa2bcbd4add4', 'amz-sdk-invocation-id': b'5aff8207-b15c-49fc-ada1-ca8ab41901d4', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:27,181 [247] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:27,175 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde: {'manifest_hash': 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1676': {'id': '1676', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1712': {'id': '1712', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1720': {'id': '1720', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1724': {'id': '1724', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1726': {'id': '1726', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1736': {'id': '1736', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1692': {'id': '1692', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1738': {'id': '1738', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1750': {'id': '1750', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1770': {'id': '1770', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1776': {'id': '1776', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1778': {'id': '1778', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1796': {'id': '1796', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1832': {'id': '1832', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1642': {'id': '1642', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1690': {'id': '1690', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1746': {'id': '1746', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1762': {'id': '1762', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1804': {'id': '1804', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1704': {'id': '1704', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1752': {'id': '1752', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1802': {'id': '1802', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1838': {'id': '1838', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1654': {'id': '1654', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1658': {'id': '1658', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1742': {'id': '1742', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1754': {'id': '1754', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1764': {'id': '1764', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1766': {'id': '1766', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1684': {'id': '1684', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1756': {'id': '1756', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1800': {'id': '1800', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1814': {'id': '1814', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1730': {'id': '1730', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1660': {'id': '1660', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1668': {'id': '1668', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1694': {'id': '1694', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1722': {'id': '1722', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1728': {'id': '1728', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1782': {'id': '1782', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1648': {'id': '1648', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1662': {'id': '1662', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1664': {'id': '1664', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1700': {'id': '1700', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1748': {'id': '1748', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1790': {'id': '1790', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1794': {'id': '1794', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1830': {'id': '1830', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1696': {'id': '1696', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1744': {'id': '1744', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1780': {'id': '1780', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1812': {'id': '1812', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1644': {'id': '1644', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1646': {'id': '1646', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1680': {'id': '1680', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1688': {'id': '1688', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1702': {'id': '1702', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1708': {'id': '1708', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1718': {'id': '1718', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1806': {'id': '1806', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1716': {'id': '1716', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1768': {'id': '1768', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1808': {'id': '1808', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1824': {'id': '1824', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1840': {'id': '1840', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'ppc64el'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1786': {'id': '1786', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1788': {'id': '1788', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1674': {'id': '1674', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1710': {'id': '1710', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1740': {'id': '1740', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1774': {'id': '1774', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1798': {'id': '1798', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1818': {'id': '1818', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1820': {'id': '1820', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1732': {'id': '1732', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1650': {'id': '1650', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1672': {'id': '1672', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1706': {'id': '1706', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1714': {'id': '1714', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1734': {'id': '1734', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1652': {'id': '1652', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1670': {'id': '1670', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1682': {'id': '1682', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1760': {'id': '1760', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1784': {'id': '1784', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1822': {'id': '1822', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1826': {'id': '1826', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1666': {'id': '1666', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1698': {'id': '1698', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'ppc64el'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1742': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1800': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1672': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1720': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1738': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1830': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1838': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1732': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1646': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1670': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1680': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1690': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1694': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1696': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1778': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1648': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1684': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1698': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1774': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1794': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1802': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1822': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1658': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1700': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1708': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1716': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1756': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1812': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1642': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1662': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1714': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1726': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1730': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1784': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1804': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1818': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1740': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1824': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1840': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1688': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1728': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1752': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1790': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1814': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1668': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1734': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1760': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1796': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1832': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1666': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1744': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1764': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1704': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1710': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1736': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1786': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1798': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1826': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1676': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1682': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1692': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1706': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1724': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1770': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1776': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1674': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1748': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1762': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1780': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1806': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1644': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1660': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1750': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1766': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1782': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1788': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1808': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1702': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1718': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1754': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1820': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1654': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1722': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1746': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1768': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1650': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1652': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1664': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1712': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_ve gunicorn-web stdout | rsion': '0:249.11-0ubuntu3.7'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1 gunicorn-web stdout | .19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubunt gunicorn-web stdout | u3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version gunicorn-web stdout | ': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy' gunicorn-web stdout | , 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_na gunicorn-web stdout | me': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}}, 'package_vulnerabilities': {'1756': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1838': ['2499877'], '1690': ['2499829'], '1668': ['2120044', '1146399'], '1186': ['960164'], '1730': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1820': ['2609409', '2206794', '2005452', '439426'], '1714': ['2121322', '1148428'], '1824': ['2114483'], '1790': ['2837900', '2228805', '2007548', '1266661'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1784': ['2121872', '1148585'], '1754': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1720': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1786': ['2790703', '2259827', '1672454', '1523087'], '1788': ['2428498', '960182'], '1652': ['2815552', '451117'], '1648': ['1516509'], '1762': ['1540355', '983329', '982616'], '1734': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1760': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1814': ['2499870'], '1840': ['1518586'], '1796': ['2790713', '2259833', '1672464', '1523094'], '1766': ['2114475'], '1670': ['2764035', '1506477', '1357966'], '1700': ['2665338', '1988933', '1988914'], '1716': ['2485497'], '1724': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1662': ['2843395'], '1800': ['2499866'], '1822': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1736': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1804': ['1700452'], '1744': ['2837871', '2228777', '2007527', '1266440'], '1764': ['456116'], '1710': ['980564'], '1818': ['2837991', '2228820', '2007560', '1266677'], '1664': ['980539'], '1742': ['2499847'], '1794': ['960172'], '1650': ['2499906'], '1782': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1780': ['980572'], '1694': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1778': ['2499856'], '1702': ['980557'], '1696': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1806': ['2609399', '2206787', '2005450', '439420'], '1746': ['2837880', '2228793', '2007536', '1266500'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1832': ['2790153', '2112903', '1696964'], '1808': ['980580']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:27,193 [246] [DEBUG] [app] Ending request: urn:request:4d23565a-c80f-411a-859f-99f6ff9beb6e (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:4d23565a-c80f-411a-859f-99f6ff9beb6e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:27,194 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.077 1824 0.077) gunicorn-web stdout | 2025-11-04 09:09:27,195 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:27,198 [247] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 HTTP/1.1" 200 1461 gunicorn-web stdout | 2025-11-04 09:09:27,198 [247] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckyz2-5ue8u4-97b', 'x-amz-id-2': 'mhkckyz2-5ue8u4-97b', 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1461', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:27 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:27,198 [247] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:27,199 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,199 [247] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:27,199 [247] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,199 [247] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,199 [247] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkckyz2-5ue8u4-97b', 'HostId': 'mhkckyz2-5ue8u4-97b', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckyz2-5ue8u4-97b', 'x-amz-id-2': 'mhkckyz2-5ue8u4-97b', 'etag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'content-type': 'application/octet-stream', 'content-length': '1461', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:27 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 21, tzinfo=tzutc()), 'ContentLength': 1461, 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:27,200 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,204 [247] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 10, 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,208 [247] [DEBUG] [app] Ending request: urn:request:437c3d71-35ac-41ac-b66f-f8f4466a113c (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:437c3d71-35ac-41ac-b66f-f8f4466a113c', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:27,208 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.099 1794 0.099) gunicorn-web stdout | 2025-11-04 09:09:27,209 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:27,234 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 HTTP/1.1" 200 1476 gunicorn-web stdout | 2025-11-04 09:09:27,234 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckz06-6i5pbu-4wz', 'x-amz-id-2': 'mhkckz06-6i5pbu-4wz', 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1476', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:27 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:27,235 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:27,235 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:27,235 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:27,235 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,235 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:27,235 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkckz06-6i5pbu-4wz', 'HostId': 'mhkckz06-6i5pbu-4wz', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkckz06-6i5pbu-4wz', 'x-amz-id-2': 'mhkckz06-6i5pbu-4wz', 'etag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'content-type': 'application/octet-stream', 'content-length': '1476', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:27 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 52, tzinfo=tzutc()), 'ContentLength': 1476, 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:27,237 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,241 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 10, 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,245 [246] [DEBUG] [app] Ending request: urn:request:5e9333db-c312-4ab6-bb93-bfb77b12c122 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:5e9333db-c312-4ab6-bb93-bfb77b12c122', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:27,245 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:27,246 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.201 1794 0.201) queuecleanupworker stdout | 2025-11-04 09:09:27,426 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:27,543 [246] [DEBUG] [app] Starting request: urn:request:1d2e272d-6e2d-40a4-bab5-7023413b976e (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:27,544 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,544 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,544 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,558 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:27,558 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:27,558 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,558 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:27,558 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,558 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,558 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,558 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,559 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,564 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,565 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,572 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,577 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,580 [249] [DEBUG] [app] Starting request: urn:request:d34eb30e-bd39-4359-9ac9-f7dd950b46c8 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:27,580 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,580 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,581 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,581 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,584 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,588 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,592 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,592 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:27,592 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:27,592 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,592 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:27,592 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:27,592 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,592 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,592 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,593 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,595 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 gunicorn-web stdout | 2025-11-04 09:09:27,598 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:27,599 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:27,605 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,599 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284: {'manifest_hash': 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'packages': {'1932': {'id': '1932', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1868': {'id': '1868', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1876': {'id': '1876', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'riscv64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1844': {'id': '1844', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1884': {'id': '1884', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1904': {'id': '1904', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1956': {'id': '1956', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1914': {'id': '1914', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'riscv64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1892': {'id': '1892', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1944': {'id': '1944', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1970': {'id': '1970', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1846': {'id': '1846', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1860': {'id': '1860', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1910': {'id': '1910', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1926': {'id': '1926', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1928': {'id': '1928', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1936': {'id': '1936', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1974': {'id': '1974', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '2014': {'id': '2014', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1902': {'id': '1902', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1930': {'id': '1930', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1948': {'id': '1948', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1952': {'id': '1952', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1966': {'id': '1966', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1866': {'id': '1866', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1886': {'id': '1886', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1894': {'id': '1894', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1896': {'id': '1896', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1898': {'id': '1898', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1906': {'id': '1906', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1912': {'id': '1912', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1856': {'id': '1856', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1946': {'id': '1946', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1954': {'id': '1954', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1964': {'id': '1964', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1982': {'id': '1982', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'riscv64'}, '1998': {'id': '1998', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2020': {'id': '2020', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2026': {'id': '2026', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1934': {'id': '1934', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1942': {'id': '1942', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2002': {'id': '2002', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2004': {'id': '2004', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '2030': {'id': '2030', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2038': {'id': '2038', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1870': {'id': '1870', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1872': {'id': '1872', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1850': {'id': '1850', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1852': {'id': '1852', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1864': {'id': '1864', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1950': {'id': '1950', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1968': {'id': '1968', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1854': {'id': '1854', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1890': {'id': '1890', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1900': {'id': '1900', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1908': {'id': '1908', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1924': {'id': '1924', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'riscv64'}, '1938': {'id': '1938', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1874': {'id': '1874', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1922': {'id': '1922', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1940': {'id': '1940', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1958': {'id': '1958', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1976': {'id': '1976', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1980': {'id': '1980', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1988': {'id': '1988', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1994': {'id': '1994', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1882': {'id': '1882', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1978': {'id': '1978', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1986': {'id': '1986', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}, '2006': {'id': '2006', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2012': {'id': '2012', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'riscv64'}, '2018': {'id': '2018', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1916': {'id': '1916', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1984': {'id': '1984', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2008': {'id': '2008', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2024': {'id': '2024', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2032': {'id': '2032', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '2040': {'id': '2040', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'riscv64'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1878': {'id': '1878', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1918': {'id': '1918', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2000': {'id': '2000', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2022': {'id': '2022', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1862': {'id': '1862', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1920': {'id': '1920', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1962': {'id': '1962', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1990': {'id': '1990', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1848': {'id': '1848', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1996': {'id': '1996', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2008': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1874': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1860': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1900': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1906': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1910': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1934': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2014': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1918': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2006': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1852': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1884': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1898': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1914': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1944': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1974': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1896': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1950': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1976': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1990': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1994': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1996': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2002': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2032': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1868': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1970': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2018': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2022': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1862': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1866': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1872': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1882': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1892': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1902': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1846': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1904': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1912': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1908': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1924': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1926': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1930': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1942': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1916': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1954': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1968': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1986': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1848': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1948': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1980': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1982': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2000': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2026': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1956': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1998': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2004': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1856': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1878': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1938': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1940': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1978': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1988': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1876': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1946': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1958': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1966': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2012': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2020': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1870': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1894': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1952': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2024': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2030': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1850': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1854': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1886': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1890': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1922': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1964': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1984': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1844': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1864': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1920': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1928': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1932': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1936': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1962': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': ' gunicorn-web stdout | ', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following packag gunicorn-web stdout | e versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos gunicorn-web stdout | application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': gunicorn-web stdout | '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the fun gunicorn-web stdout | ctions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofSer gunicorn-web stdout | viceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}}, 'package_vulnerabilities': {'1898': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1852': ['2499906'], '1864': ['2843395'], '2032': ['2790153', '2112903', '1696964'], '1902': ['2665338', '1988933', '1988914'], '1912': ['980564'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1982': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1996': ['2790713', '2259833', '1672464', '1523094'], '1926': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1904': ['980557'], '1956': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1964': ['1540355', '983329', '982616'], '1896': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1850': ['1516509'], '1994': ['960172'], '1938': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2018': ['2837991', '2228820', '2007560', '1266677'], '1922': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1936': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1948': ['2837880', '2228793', '2007536', '1266500'], '1892': ['2499829'], '2004': ['1700452'], '1986': ['2790703', '2259827', '1672454', '1523087'], '2008': ['980580'], '1946': ['2837871', '2228777', '2007527', '1266440'], '1186': ['960164'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1872': ['2764035', '1506477', '1357966'], '1866': ['980539'], '2038': ['2499877'], '1962': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2006': ['2609399', '2206787', '2005450', '439420'], '2000': ['2499866'], '1932': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1978': ['2499856'], '2022': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1958': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2014': ['2499870'], '1988': ['2428498', '960182'], '1984': ['2121872', '1148585'], '1918': ['2485497'], '1916': ['2121322', '1148428'], '1966': ['456116'], '2020': ['2609409', '2206794', '2005452', '439426'], '2024': ['2114483'], '1854': ['2815552', '451117'], '1980': ['980572'], '1990': ['2837900', '2228805', '2007548', '1266661'], '1968': ['2114475'], '1870': ['2120044', '1146399'], '2040': ['1518586'], '1944': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:27,610 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,613 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,616 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:27,618 [246] [DEBUG] [app] Ending request: urn:request:1d2e272d-6e2d-40a4-bab5-7023413b976e (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:1d2e272d-6e2d-40a4-bab5-7023413b976e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:27,619 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:27,620 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 1, 0]) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.1" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.079 1824 0.078) gunicorn-web stdout | 2025-11-04 09:09:27,621 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.0" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:27,623 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) securityscanningnotificationworker stdout | 2025-11-04 09:09:27,623 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:27,627 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f gunicorn-web stdout | 2025-11-04 09:09:27,631 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f: {'manifest_hash': 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'packages': {'2052': {'id': '2052', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2076': {'id': '2076', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 's390x'}, '2144': {'id': '2144', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2152': {'id': '2152', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2164': {'id': '2164', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2180': {'id': '2180', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2192': {'id': '2192', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '2102': {'id': '2102', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2156': {'id': '2156', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2208': {'id': '2208', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '2162': {'id': '2162', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2170': {'id': '2170', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2210': {'id': '2210', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2214': {'id': '2214', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 's390x'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '2060': {'id': '2060', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2074': {'id': '2074', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2078': {'id': '2078', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2086': {'id': '2086', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2114': {'id': '2114', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 's390x'}, '2120': {'id': '2120', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2202': {'id': '2202', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '2096': {'id': '2096', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2098': {'id': '2098', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2196': {'id': '2196', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '2200': {'id': '2200', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 's390x'}, '2206': {'id': '2206', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2222': {'id': '2222', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2226': {'id': '2226', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2046': {'id': '2046', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 's390x'}, '2068': {'id': '2068', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2094': {'id': '2094', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 's390x'}, '2118': {'id': '2118', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2132': {'id': '2132', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2146': {'id': '2146', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2204': {'id': '2204', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 's390x'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '2104': {'id': '2104', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2158': {'id': '2158', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2172': {'id': '2172', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2228': {'id': '2228', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2232': {'id': '2232', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2048': {'id': '2048', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 's390x'}, '2054': {'id': '2054', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2090': {'id': '2090', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2124': {'id': '2124', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 's390x'}, '2166': {'id': '2166', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 's390x'}, '2176': {'id': '2176', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2188': {'id': '2188', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '2220': {'id': '2220', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '2064': {'id': '2064', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 's390x'}, '2072': {'id': '2072', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2136': {'id': '2136', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2140': {'id': '2140', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2142': {'id': '2142', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2216': {'id': '2216', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2224': {'id': '2224', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2066': {'id': '2066', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2154': {'id': '2154', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 's390x'}, '2092': {'id': '2092', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2110': {'id': '2110', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2126': {'id': '2126', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2138': {'id': '2138', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2240': {'id': '2240', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2134': {'id': '2134', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2044': {'id': '2044', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2082': {'id': '2082', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 's390x'}, '2182': {'id': '2182', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2242': {'id': '2242', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 's390x'}, '2128': {'id': '2128', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2130': {'id': '2130', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '2050': {'id': '2050', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2100': {'id': '2100', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 's390x'}, '2150': {'id': '2150', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2168': {'id': '2168', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '2084': {'id': '2084', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2106': {'id': '2106', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 's390x'}, '2112': {'id': '2112', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2122': {'id': '2122', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2178': {'id': '2178', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2184': {'id': '2184', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 's390x'}, '2198': {'id': '2198', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '2056': {'id': '2056', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2062': {'id': '2062', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2148': {'id': '2148', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2190': {'id': '2190', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 's390x'}, '2234': {'id': '2234', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2070': {'id': '2070', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2108': {'id': '2108', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2116': {'id': '2116', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2186': {'id': '2186', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3. gunicorn-web stdout | 7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability gunicorn-web stdout | has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_na gunicorn-web stdout | me': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - gunicorn-web stdout | 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22 gunicorn-web stdout | .04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'http gunicorn-web stdout | s://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}}, 'package_vulnerabilities': {'2054': ['2815552', '451117'], '2180': ['2499856'], '2156': ['2854564', '2836550', '2485513', '2418382', '1257883'], '2092': ['2499829'], '2064': ['2843395'], '2220': ['2837991', '2228820', '2007560', '1266677'], '2122': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '2072': ['2764035', '1506477', '1357966'], '2242': ['1518586'], '2102': ['2665338', '1988933', '1988914'], '2192': ['2837900', '2228805', '2007548', '1266661'], '2118': ['2485497'], '2136': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '2182': ['980572'], '2198': ['2790713', '2259833', '1672464', '1523094'], '2216': ['2499870'], '2240': ['2499877'], '2132': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1210': ['2837981', '2228814', '2007554', '1266669'], '2224': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '2190': ['2428498', '960182'], '2168': ['2114475'], '2186': ['2121872', '1148585'], '2206': ['1700452'], '2222': ['2609409', '2206794', '2005452', '439426'], '2104': ['980557'], '2138': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2234': ['2790153', '2112903', '1696964'], '2096': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '2226': ['2114483'], '2158': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2164': ['1540355', '983329', '982616'], '2112': ['980564'], '2116': ['2121322', '1148428'], '2210': ['980580'], '2196': ['960172'], '2202': ['2499866'], '2166': ['456116'], '2126': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '2070': ['2120044', '1146399'], '2188': ['2790703', '2259827', '1672454', '1523087'], '1186': ['960164'], '2148': ['2837880', '2228793', '2007536', '1266500'], '2162': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2052': ['2499906'], '2050': ['1516509'], '2066': ['980539'], '2208': ['2609399', '2206787', '2005450', '439420'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '2146': ['2837871', '2228777', '2007527', '1266440'], '2184': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '2098': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '2144': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:27,653 [249] [DEBUG] [app] Ending request: urn:request:d34eb30e-bd39-4359-9ac9-f7dd950b46c8 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:d34eb30e-bd39-4359-9ac9-f7dd950b46c8', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:27,653 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:27,654 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:27 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.075 1824 0.075) securityscanningnotificationworker stdout | 2025-11-04 09:09:27,745 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:09:27,745 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:27.745810+00:00 (in 0.000000 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:09:27,746 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:09:27,746 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:10.743793+00:00 (in 42.997672 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:09:27,746 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:14:27 GMT)" (scheduled at 2025-11-04 09:09:27.745464+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:09:27,747 [87] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [False, datetime.datetime(2025, 11, 4, 9, 9, 27, 746629), 'secscanv4/%']) securityscanningnotificationworker stdout | 2025-11-04 09:09:27,747 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:27 GMT)" (scheduled at 2025-11-04 09:09:27.745810+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:09:27,747 [87] [DEBUG] [workers.queueworker] Running watchdog. securityscanningnotificationworker stdout | 2025-11-04 09:09:27,747 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:27 GMT)" executed successfully securityscanningnotificationworker stdout | 2025-11-04 09:09:27,757 [87] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 9, 27, 746629), True, datetime.datetime(2025, 11, 4, 9, 9, 27, 746629), 0, 'secscanv4/%']) securityscanningnotificationworker stdout | 2025-11-04 09:09:27,762 [87] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) AND NOT ("t1"."queue_name" IN (SELECT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s)))))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 9, 27, 746629), True, datetime.datetime(2025, 11, 4, 9, 9, 27, 746629), 0, 'secscanv4/%', False, datetime.datetime(2025, 11, 4, 9, 9, 27, 746629), 'secscanv4/%']) securityscanningnotificationworker stdout | 2025-11-04 09:09:27,765 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:09:27,765 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:14:27 GMT)" executed successfully blobuploadcleanupworker stdout | 2025-11-04 09:09:27,828 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:09:28,340 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:09:28,340 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:16.343350+00:00 (in 48.002504 seconds) exportactionlogsworker stdout | 2025-11-04 09:09:28,341 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:28 GMT)" (scheduled at 2025-11-04 09:09:28.340417+00:00) exportactionlogsworker stdout | 2025-11-04 09:09:28,341 [66] [DEBUG] [workers.queueworker] Getting work item from queue. exportactionlogsworker stdout | 2025-11-04 09:09:28,341 [66] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 28, 341203), True, datetime.datetime(2025, 11, 4, 9, 9, 28, 341203), 0, 'exportactionlogs/%', 50, 1, 0]) exportactionlogsworker stdout | 2025-11-04 09:09:28,353 [66] [DEBUG] [workers.queueworker] No more work. exportactionlogsworker stdout | 2025-11-04 09:09:28,353 [66] [DEBUG] [data.database] Disconnecting from database. exportactionlogsworker stdout | 2025-11-04 09:09:28,354 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:28 GMT)" executed successfully expiredappspecifictokenworker stdout | 2025-11-04 09:09:28,507 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:09:29,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:09:29,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:29.157944+00:00 (in 0.001128 seconds) notificationworker stdout | 2025-11-04 09:09:29,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:39 GMT)" (scheduled at 2025-11-04 09:09:29.156372+00:00) notificationworker stdout | 2025-11-04 09:09:29,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:09:29,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 29, 157127), True, datetime.datetime(2025, 11, 4, 9, 9, 29, 157127), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:09:29,158 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:09:29,158 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:39.156372+00:00 (in 9.998084 seconds) notificationworker stdout | 2025-11-04 09:09:29,158 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:29 GMT)" (scheduled at 2025-11-04 09:09:29.157944+00:00) notificationworker stdout | 2025-11-04 09:09:29,158 [78] [DEBUG] [workers.queueworker] Running watchdog. notificationworker stdout | 2025-11-04 09:09:29,158 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:29 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:09:29,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:09:29,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:09:29,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:39 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:29,349 [248] [DEBUG] [app] Starting request: urn:request:c5e29683-c766-4399-b450-1e6a2748d461 (/api/v1/repository/quayorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:29,349 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:29,349 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:29,350 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:29,362 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:29,362 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:29,363 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:29,363 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:29,363 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:29,363 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:29,363 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:29,363 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:29,364 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:29,369 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:29,370 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:29,376 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:29,381 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:29,384 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:29,388 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:29,391 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE (("t1"."repository_id" = %s) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [10, False, 51, 0]) gunicorn-web stdout | 2025-11-04 09:09:29,396 [248] [DEBUG] [app] Ending request: urn:request:c5e29683-c766-4399-b450-1e6a2748d461 (/api/v1/repository/quayorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:c5e29683-c766-4399-b450-1e6a2748d461', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/tag/?limit=50&page=1', 'path': '/api/v1/repository/quayorg/repo1/tag/', 'parameters': {'limit': '50', 'page': '1'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:29,397 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:29,397 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:29 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=50&page=1 HTTP/1.0" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=history" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:29 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=50&page=1 HTTP/1.1" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=history" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.049 1752 0.049) buildlogsarchiver stdout | 2025-11-04 09:09:29,421 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:09:29,630 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:30,313 [246] [DEBUG] [app] Starting request: urn:request:4961262a-77cf-4013-890a-8768ec434fea (/api/v1/repository/quayorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:30,313 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:30,313 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:30,314 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,325 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:30,325 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:30,325 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:30,326 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:30,326 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:30,326 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:30,326 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:30,326 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:30,327 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:30,332 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:30,333 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:30,339 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,344 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,347 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,350 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,354 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE ((("t1"."repository_id" = %s) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [10, None, 1762247370353, False, 101, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,359 [246] [DEBUG] [app] Ending request: urn:request:4961262a-77cf-4013-890a-8768ec434fea (/api/v1/repository/quayorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:4961262a-77cf-4013-890a-8768ec434fea', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true', 'path': '/api/v1/repository/quayorg/repo1/tag/', 'parameters': {'limit': '100', 'page': '1', 'onlyActiveTags': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:30,360 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:30 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.1" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.048 1770 0.048) gunicorn-web stdout | 2025-11-04 09:09:30,360 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:30 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.0" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" repositorygcworker stdout | 2025-11-04 09:09:30,638 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:30,693 [246] [DEBUG] [app] Starting request: urn:request:1416722d-3802-4a21-9bd5-e095029c3ba3 (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:30,693 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:30,693 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:30,694 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,705 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:30,705 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:30,705 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:30,705 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:30,705 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:30,706 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:30,706 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:30,706 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:30,707 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:30,712 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:30,713 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:30,720 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,726 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) repositoryactioncounter stdout | 2025-11-04 09:09:30,728 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:30,730 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,733 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,736 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', None, 1762247370736, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:30,741 [246] [DEBUG] [app] Ending request: urn:request:1416722d-3802-4a21-9bd5-e095029c3ba3 (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:1416722d-3802-4a21-9bd5-e095029c3ba3', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', 'parameters': {'include_modelcard': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:30,742 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:30,742 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:30 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.0" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:30 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.1" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.051 1817 0.051) gunicorn-web stdout | 2025-11-04 09:09:31,102 [247] [DEBUG] [app] Starting request: urn:request:73501481-9456-4095-9f71-8f1c0868f543 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:31,102 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,102 [246] [DEBUG] [app] Starting request: urn:request:e453cdb0-7cd6-442c-a162-71bd4d2c19ff (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:31,102 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,102 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,102 [248] [DEBUG] [app] Starting request: urn:request:31f21940-6418-4cad-b2df-bff6a319ed2d (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:31,103 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,103 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,103 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,103 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,103 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,103 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,108 [249] [DEBUG] [app] Starting request: urn:request:20133088-3ec1-4d5f-9cf3-ecfa9cdd0bf7 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:31,109 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,109 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,109 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,114 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:31,114 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:31,114 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,115 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:31,115 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,115 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,115 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,115 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,115 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:31,115 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:31,115 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,116 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:31,116 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,116 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,116 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,116 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:31,116 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,116 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,116 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:31,116 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,116 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:31,117 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,117 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,117 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,117 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,118 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,118 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,120 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:31,120 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:31,120 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,120 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:31,121 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,121 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,121 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,121 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,121 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,122 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,122 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,123 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,124 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,124 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,125 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,127 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,128 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,128 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,130 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,131 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,133 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,133 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,135 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,136 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,137 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,138 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,139 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,139 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,140 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,142 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,142 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,143 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,144 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247371143, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,145 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,146 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,147 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,149 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247371148, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,149 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247371148, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,150 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,151 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,153 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 gunicorn-web stdout | 2025-11-04 09:09:31,153 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,154 [248] [DEBUG] [app] Starting request: urn:request:39bcbab9-07bb-4805-8f06-433d1a5dcc81 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:31,154 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,154 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247371154, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,154 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 gunicorn-web stdout | 2025-11-04 09:09:31,154 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,155 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,157 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,159 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,161 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['ef9abce7-c4cd-4ded-b01d-2c5ccca4b9ee']) gunicorn-web stdout | 2025-11-04 09:09:31,163 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,165 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:31,165 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:31,166 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'} gunicorn-web stdout | 2025-11-04 09:09:31,166 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,166 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,166 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,166 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,166 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:31,166 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:31,166 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:31,166 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['f575e9f5-0cf3-43f0-8b1b-0f1457f07e69']) gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,166 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:31,167 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,167 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,167 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,167 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,159 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13: {'manifest_hash': 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'packages': {'1254': {'id': '1254', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1256': {'id': '1256', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1266': {'id': '1266', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1240': {'id': '1240', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'armhf'}, '1400': {'id': '1400', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1436': {'id': '1436', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'armhf'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1344': {'id': '1344', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1386': {'id': '1386', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1422': {'id': '1422', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1312': {'id': '1312', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1322': {'id': '1322', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1326': {'id': '1326', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1366': {'id': '1366', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1434': {'id': '1434', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1270': {'id': '1270', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'armhf'}, '1278': {'id': '1278', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1294': {'id': '1294', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'armhf'}, '1380': {'id': '1380', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1402': {'id': '1402', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1416': {'id': '1416', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1420': {'id': '1420', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1330': {'id': '1330', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1238': {'id': '1238', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1246': {'id': '1246', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1356': {'id': '1356', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1358': {'id': '1358', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1374': {'id': '1374', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1414': {'id': '1414', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1328': {'id': '1328', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1350': {'id': '1350', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1410': {'id': '1410', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1418': {'id': '1418', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1426': {'id': '1426', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1244': {'id': '1244', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1258': {'id': '1258', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'armhf'}, '1260': {'id': '1260', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1264': {'id': '1264', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1302': {'id': '1302', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1318': {'id': '1318', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'armhf'}, '1336': {'id': '1336', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1340': {'id': '1340', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1250': {'id': '1250', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1268': {'id': '1268', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1296': {'id': '1296', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1320': {'id': '1320', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1364': {'id': '1364', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1370': {'id': '1370', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1390': {'id': '1390', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1396': {'id': '1396', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1276': {'id': '1276', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1308': {'id': '1308', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'armhf'}, '1314': {'id': '1314', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1398': {'id': '1398', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1248': {'id': '1248', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1280': {'id': '1280', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1290': {'id': '1290', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1378': {'id': '1378', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'armhf'}, '1384': {'id': '1384', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'armhf'}, '1392': {'id': '1392', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1292': {'id': '1292', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1310': {'id': '1310', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1324': {'id': '1324', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1332': {'id': '1332', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1338': {'id': '1338', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1382': {'id': '1382', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1404': {'id': '1404', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1262': {'id': '1262', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1284': {'id': '1284', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1334': {'id': '1334', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1342': {'id': '1342', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1348': {'id': '1348', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'armhf'}, '1394': {'id': '1394', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'armhf'}, '1408': {'id': '1408', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'armhf'}, '1298': {'id': '1298', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1304': {'id': '1304', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1242': {'id': '1242', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'armhf'}, '1286': {'id': '1286', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1288': {'id': '1288', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'armhf'}, '1362': {'id': '1362', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1272': {'id': '1272', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1306': {'id': '1306', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1316': {'id': '1316', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1360': {'id': '1360', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'armhf'}, '1376': {'id': '1376', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1428': {'id': '1428', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1300': {'id': '1300', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'armhf'}, '1346': {'id': '1346', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1352': {'id': '1352', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1372': {'id': '1372', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'armhf'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1382': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1384': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1262': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1300': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1420': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1436': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1266': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1256': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1260': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1380': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1386': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1328': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1334': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1398': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1404': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1418': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1390': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1408': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1422': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1244': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1272': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1318': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1340': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1360': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1416': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1248': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1310': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1344': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1358': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1370': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1402': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1280': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1308': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1316': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1324': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1348': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1396': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1434': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1306': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1362': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1378': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1428': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1292': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1302': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1350': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1410': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1426': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1320': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1326': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1246': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1276': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1304': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1238': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1268': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1286': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1314': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1330': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1332': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1336': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1338': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1250': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1284': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1288': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1322': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1342': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1392': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1400': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1258': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1294': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1346': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1352': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1374': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1394': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1414': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1254': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1264': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1270': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1296': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1312': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1364': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1366': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1376': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1278': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1290': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1298': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1356': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1372': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this bein gunicorn-web stdout | g detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' gunicorn-web stdout | function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubu gunicorn-web stdout | 2025-11-04 09:09:31,167 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:31,167 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | ntu1.19'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates gunicorn-web stdout | being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscrip gunicorn-web stdout | 2025-11-04 09:09:31,168 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090931Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | tion required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\n gunicorn-web stdout | openssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}}, 'package_vulnerabilities': {'1296': ['2665338', '1988933', '1988914'], '1378': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1380': ['2121872', '1148585'], '1418': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1266': ['2764035', '1506477', '1357966'], '1428': ['2790153', '2112903', '1696964'], '1392': ['2790713', '2259833', '1672464', '1523094'], '1356': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1244': ['1516509'], '1436': ['1518586'], '1260': ['980539'], '1416': ['2609409', '2206794', '2005452', '439426'], '1292': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1358': ['1540355', '983329', '982616'], '1312': ['2485497'], '1384': ['2428498', '960182'], '1402': ['2609399', '2206787', '2005450', '439420'], '1400': ['1700452'], '1248': ['2815552', '451117'], '1386': ['2837900', '2228805', '2007548', '1266661'], '1376': ['980572'], '1420': ['2114483'], '1396': ['2499866'], '1362': ['2114475'], '1298': ['980557'], '1316': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1374': ['2499856'], '1404': ['980580'], '1246': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1414': ['2837991', '2228820', '2007560', '1266677'], '1350': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1434': ['2499877'], '1330': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1382': ['2790703', '2259827', '1672454', '1523087'], '1290': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1264': ['2120044', '1146399'], '1186': ['960164'], '1390': ['960172'], '1310': ['2121322', '1148428'], '1258': ['2843395'], '1306': ['980564'], '1342': ['2837880', '2228793', '2007536', '1266500'], '1286': ['2499829'], '1320': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1360': ['456116'], '1326': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1410': ['2499870'], '1332': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1338': ['2499847'], '1352': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1340': ['2837871', '2228777', '2007527', '1266440']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:31,169 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090931Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 664ec37c177a546d7aa68d446770f2d5106facd3ec69c84a4b5f60d387796454 gunicorn-web stdout | 2025-11-04 09:09:31,170 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 7495a03f299a79ee65e9b0a1c5328e3e669f6976bb06012faddd41c8451101b8 gunicorn-web stdout | 2025-11-04 09:09:31,170 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,170 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:31,170 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,170 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090931Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=7495a03f299a79ee65e9b0a1c5328e3e669f6976bb06012faddd41c8451101b8', 'amz-sdk-invocation-id': b'eebe95fd-c007-43e4-8003-4dfe990dbb38', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:31,170 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:31,169 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:31,172 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:31,172 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'} gunicorn-web stdout | 2025-11-04 09:09:31,172 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,172 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,172 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,172 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,172 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,172 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,172 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:31,173 [246] [DEBUG] [app] Starting request: urn:request:1910415d-7498-4c40-8bea-2e28cea9007c (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:31,173 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,173 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,173 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,173 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,174 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:31,174 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090931Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:31,174 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090931Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | cc2ee2e6f95ae71d6f7da2306aa678e71f38f068bc88ac870eeb3b1b5d6fdc9e gunicorn-web stdout | 2025-11-04 09:09:31,174 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 0b2eb461b1cb89ec6a5f7901e2ad035781398b58c4de9428a7cc295bbf54d732 gunicorn-web stdout | 2025-11-04 09:09:31,174 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,173 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,174 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,174 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:31,174 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,174 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090931Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=0b2eb461b1cb89ec6a5f7901e2ad035781398b58c4de9428a7cc295bbf54d732', 'amz-sdk-invocation-id': b'be686aaa-ea17-43b1-b436-d17fa100f771', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:31,175 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:31,181 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,183 [247] [DEBUG] [app] Ending request: urn:request:73501481-9456-4095-9f71-8f1c0868f543 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:73501481-9456-4095-9f71-8f1c0868f543', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:31,183 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:31,184 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.084 1824 0.083) gunicorn-web stdout | 2025-11-04 09:09:31,186 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:31,186 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:31,186 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,186 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:31,187 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,187 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,187 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,187 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,187 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 HTTP/1.1" 200 1476 gunicorn-web stdout | 2025-11-04 09:09:31,187 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl220-5qn5gk-16aw', 'x-amz-id-2': 'mhkcl220-5qn5gk-16aw', 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1476', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:31,187 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:31,188 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,188 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,188 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,188 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:31,188 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,188 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,189 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl220-5qn5gk-16aw', 'HostId': 'mhkcl220-5qn5gk-16aw', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl220-5qn5gk-16aw', 'x-amz-id-2': 'mhkcl220-5qn5gk-16aw', 'etag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'content-type': 'application/octet-stream', 'content-length': '1476', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 52, tzinfo=tzutc()), 'ContentLength': 1476, 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:31,191 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,191 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,193 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,194 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,194 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,195 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 10, 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,197 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,200 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,200 [249] [DEBUG] [app] Ending request: urn:request:20133088-3ec1-4d5f-9cf3-ecfa9cdd0bf7 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:20133088-3ec1-4d5f-9cf3-ecfa9cdd0bf7', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:31,201 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:31,201 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,201 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.094 1794 0.094) gunicorn-web stdout | 2025-11-04 09:09:31,205 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 gunicorn-web stdout | 2025-11-04 09:09:31,206 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,210 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,213 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,209 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19: {'manifest_hash': 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'packages': {'1208': {'id': '1208', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1212': {'id': '1212', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1048': {'id': '1048', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1092': {'id': '1092', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'amd64'}, '1146': {'id': '1146', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'amd64'}, '1182': {'id': '1182', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'amd64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1058': {'id': '1058', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1066': {'id': '1066', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1102': {'id': '1102', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1138': {'id': '1138', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1156': {'id': '1156', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1192': {'id': '1192', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'amd64'}, '1206': {'id': '1206', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'amd64'}, '1078': {'id': '1078', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1098': {'id': '1098', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'amd64'}, '1110': {'id': '1110', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1142': {'id': '1142', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1160': {'id': '1160', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1168': {'id': '1168', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1180': {'id': '1180', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1088': {'id': '1088', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1090': {'id': '1090', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1108': {'id': '1108', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1116': {'id': '1116', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'amd64'}, '1128': {'id': '1128', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1154': {'id': '1154', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1178': {'id': '1178', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1198': {'id': '1198', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1038': {'id': '1038', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'amd64'}, '1118': {'id': '1118', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1124': {'id': '1124', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1134': {'id': '1134', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1144': {'id': '1144', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1164': {'id': '1164', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1216': {'id': '1216', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1064': {'id': '1064', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1084': {'id': '1084', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1120': {'id': '1120', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1234': {'id': '1234', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'amd64'}, '1060': {'id': '1060', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1218': {'id': '1218', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1224': {'id': '1224', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1094': {'id': '1094', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1122': {'id': '1122', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1086': {'id': '1086', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'amd64'}, '1042': {'id': '1042', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1056': {'id': '1056', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'amd64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1074': {'id': '1074', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1150': {'id': '1150', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1200': {'id': '1200', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1202': {'id': '1202', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1052': {'id': '1052', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1082': {'id': '1082', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1096': {'id': '1096', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1100': {'id': '1100', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1196': {'id': '1196', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1070': {'id': '1070', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1104': {'id': '1104', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1172': {'id': '1172', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1174': {'id': '1174', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1184': {'id': '1184', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1190': {'id': '1190', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1226': {'id': '1226', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1232': {'id': '1232', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1112': {'id': '1112', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1114': {'id': '1114', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1136': {'id': '1136', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1158': {'id': '1158', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'amd64'}, '1214': {'id': '1214', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1046': {'id': '1046', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1062': {'id': '1062', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1106': {'id': '1106', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'amd64'}, '1162': {'id': '1162', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1036': {'id': '1036', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1054': {'id': '1054', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1076': {'id': '1076', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1130': {'id': '1130', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1148': {'id': '1148', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1220': {'id': '1220', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1044': {'id': '1044', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1140': {'id': '1140', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1170': {'id': '1170', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1176': {'id': '1176', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'amd64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1040': {'id': '1040', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'amd64'}, '1068': {'id': '1068', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'amd64'}, '1126': {'id': '1126', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1132': {'id': '1132', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1188': {'id': '1188', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1194': {'id': '1194', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1212': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1174': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1058': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1042': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1036': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1160': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1218': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1194': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1088': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - gunicorn-web stdout | 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, gunicorn-web stdout | 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', ' gunicorn-web stdout | description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', gunicorn-web stdout | 2025-11-04 09:09:31,216 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247371216, False, 1, 0]) gunicorn-web stdout | 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2642019': {'id': '2642019', 'updat gunicorn-web stdout | er': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugre gunicorn-web stdout | port.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}}, 'package_vulnerabilities': {'1190': ['2790713', '2259833', '1672464', '1523094'], '1056': ['2843395'], '1062': ['2120044', '1146399'], '1216': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1234': ['1518586'], '1186': ['960164'], '1184': ['2837900', '2228805', '2007548', '1266661'], '1174': ['980572'], '1130': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1044': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1182': ['2428498', '960182'], '1180': ['2790703', '2259827', '1672454', '1523087'], '1090': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1118': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1140': ['2837880', '2228793', '2007536', '1266500'], '1110': ['2485497'], '1208': ['2499870'], '1156': ['1540355', '983329', '982616'], '1154': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1232': ['2499877'], '1226': ['2790153', '2112903', '1696964'], '1202': ['980580'], '1198': ['1700452'], '1046': ['2815552', '451117'], '1058': ['980539'], '1128': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1108': ['2121322', '1148428'], '1124': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1104': ['980564'], '1158': ['456116'], '1194': ['2499866'], '1218': ['2114483'], '1172': ['2499856'], '1064': ['2764035', '1506477', '1357966'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1160': ['2114475'], '1042': ['1516509'], '1114': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1136': ['2499847'], '1176': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1148': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1200': ['2609399', '2206787', '2005450', '439420'], '1188': ['960172'], '1178': ['2121872', '1148585'], '1096': ['980557'], '1214': ['2609409', '2206794', '2005452', '439426'], '1088': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1094': ['2665338', '1988933', '1988914'], '1212': ['2837991', '2228820', '2007560', '1266677'], '1138': ['2837871', '2228777', '2007527', '1266440'], '1084': ['2499829'], '1150': ['2854573', '2836745', '2485520', '2418389', '1257888']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:31,222 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247371222, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,225 [248] [DEBUG] [app] Ending request: urn:request:31f21940-6418-4cad-b2df-bff6a319ed2d (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:31f21940-6418-4cad-b2df-bff6a319ed2d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:31,226 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:31,227 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,231 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,234 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['3ba345dd-d3e5-49bf-92a4-9f3634520db3']) gunicorn-web stdout | 2025-11-04 09:09:31,231 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8: {'manifest_hash': 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1464': {'id': '1464', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1502': {'id': '1502', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'arm64'}, '1522': {'id': '1522', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1550': {'id': '1550', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'arm64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1448': {'id': '1448', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1474': {'id': '1474', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1544': {'id': '1544', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1600': {'id': '1600', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1616': {'id': '1616', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1628': {'id': '1628', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1636': {'id': '1636', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1452': {'id': '1452', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1480': {'id': '1480', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1504': {'id': '1504', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1554': {'id': '1554', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1508': {'id': '1508', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1548': {'id': '1548', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1566': {'id': '1566', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1568': {'id': '1568', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1578': {'id': '1578', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1620': {'id': '1620', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1494': {'id': '1494', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1542': {'id': '1542', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1558': {'id': '1558', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1576': {'id': '1576', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1624': {'id': '1624', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1450': {'id': '1450', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1478': {'id': '1478', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1574': {'id': '1574', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1604': {'id': '1604', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1456': {'id': '1456', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1492': {'id': '1492', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1498': {'id': '1498', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1516': {'id': '1516', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1532': {'id': '1532', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1540': {'id': '1540', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1598': {'id': '1598', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1560': {'id': '1560', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1584': {'id': '1584', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1586': {'id': '1586', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'arm64'}, '1606': {'id': '1606', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1610': {'id': '1610', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'arm64'}, '1612': {'id': '1612', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1638': {'id': '1638', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'arm64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1440': {'id': '1440', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1490': {'id': '1490', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'arm64'}, '1546': {'id': '1546', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1572': {'id': '1572', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1580': {'id': '1580', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'arm64'}, '1458': {'id': '1458', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1514': {'id': '1514', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1528': {'id': '1528', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1530': {'id': '1530', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1564': {'id': '1564', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1520': {'id': '1520', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'arm64'}, '1524': {'id': '1524', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1596': {'id': '1596', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'arm64'}, '1618': {'id': '1618', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1622': {'id': '1622', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1466': {'id': '1466', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1470': {'id': '1470', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1486': {'id': '1486', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1500': {'id': '1500', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1630': {'id': '1630', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1446': {'id': '1446', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1482': {'id': '1482', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1488': {'id': '1488', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1496': {'id': '1496', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'arm64'}, '1534': {'id': '1534', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1536': {'id': '1536', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1538': {'id': '1538', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1444': {'id': '1444', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'arm64'}, '1460': {'id': '1460', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'arm64'}, '1462': {'id': '1462', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1510': {'id': '1510', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'arm64'}, '1552': {'id': '1552', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1562': {'id': '1562', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'arm64'}, '1582': {'id': '1582', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1442': {'id': '1442', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'arm64'}, '1472': {'id': '1472', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'arm64'}, '1526': {'id': '1526', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1588': {'id': '1588', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1602': {'id': '1602', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1506': {'id': '1506', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1512': {'id': '1512', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1518': {'id': '1518', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1592': {'id': '1592', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1594': {'id': '1594', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1468': {'id': '1468', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1628': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1462': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1480': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1490': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1540': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1546': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1528': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1550': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1552': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1588': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1486': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1494': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1510': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1512': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1522': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1524': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1560': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1574': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1536': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1538': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1572': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1496': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1504': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1508': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1530': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1584': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1600': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1612': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1466': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1482': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1548': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1620': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1624': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1636': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1464': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1452': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1516': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1554': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1566': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1568': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1468': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1500': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1506': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1564': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1594': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1596': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1598': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1444': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1502': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1602': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1604': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1616': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1446': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1498': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1526': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1544': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1592': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1630': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1440': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1456': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1474': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1520': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1542': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1578': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1448': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1450': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1582': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1622': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1458': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1492': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1532': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1534': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1586': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1470': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1472': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1488': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1514': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1558': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1562': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1638': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1460': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1478': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1576': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1606': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1610': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1618': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1442': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1518': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1580': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; i gunicorn-web stdout | t does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '980539': {'id': '980539', 'updater': 'ubuntu gunicorn-web stdout | /updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 htt gunicorn-web stdout | p://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix gunicorn-web stdout | 2025-11-04 09:09:31,238 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ub gunicorn-web stdout | untu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-441 gunicorn-web stdout | 5` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}}, 'package_vulnerabilities': {'1518': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1616': ['2837991', '2228820', '2007560', '1266677'], '1560': ['1540355', '983329', '982616'], '1638': ['1518586'], '1552': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1492': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1554': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1542': ['2837871', '2228777', '2007527', '1266440'], '1592': ['960172'], '1636': ['2499877'], '1186': ['960164'], '1630': ['2790153', '2112903', '1696964'], '1494': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1564': ['2114475'], '1528': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1522': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1558': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1534': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1586': ['2428498', '960182'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1594': ['2790713', '2259833', '1672464', '1523094'], '1588': ['2837900', '2228805', '2007548', '1266661'], '1580': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1488': ['2499829'], '1620': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1468': ['2764035', '1506477', '1357966'], '1460': ['2843395'], '1582': ['2121872', '1148585'], '1584': ['2790703', '2259827', '1672454', '1523087'], '1598': ['2499866'], '1532': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1562': ['456116'], '1576': ['2499856'], '1604': ['2609399', '2206787', '2005450', '439420'], '1498': ['2665338', '1988933', '1988914'], '1612': ['2499870'], '1514': ['2485497'], '1540': ['2499847'], '1512': ['2121322', '1148428'], '1622': ['2114483'], '1578': ['980572'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1450': ['2815552', '451117'], '1606': ['980580'], '1448': ['2499906'], '1544': ['2837880', '2228793', '2007536', '1266500'], '1618': ['2609409', '2206794', '2005452', '439426'], '1466': ['2120044', '1146399'], '1446': ['1516509'], '1508': ['980564'], '1602': ['1700452'], '1500': ['980557'], '1462': ['980539']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'} gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:31,240 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090931Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090931Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 81ab943507af6d928db312eab0b37c828f42d0353ed4da83db22b93fd90067a8 gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 189ece111584c2c947cadfb4af1203f305f7b3e3c592c009f7c2f67f4e5198ea gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,241 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:31,242 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,242 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090931Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=189ece111584c2c947cadfb4af1203f305f7b3e3c592c009f7c2f67f4e5198ea', 'amz-sdk-invocation-id': b'60789ea8-2db4-4e7d-8375-c2d5671f5541', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:31,242 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:31,242 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee HTTP/1.1" 200 1463 gunicorn-web stdout | 2025-11-04 09:09:31,243 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl21v-5o39u8-n1l', 'x-amz-id-2': 'mhkcl21v-5o39u8-n1l', 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1463', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:31,243 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:31,243 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,243 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:31,243 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,243 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,243 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl21v-5o39u8-n1l', 'HostId': 'mhkcl21v-5o39u8-n1l', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl21v-5o39u8-n1l', 'x-amz-id-2': 'mhkcl21v-5o39u8-n1l', 'etag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'content-type': 'application/octet-stream', 'content-length': '1463', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 46, tzinfo=tzutc()), 'ContentLength': 1463, 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:31,243 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:09:31,245 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,246 [248] [DEBUG] [app] Ending request: urn:request:39bcbab9-07bb-4805-8f06-433d1a5dcc81 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:39bcbab9-07bb-4805-8f06-433d1a5dcc81', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:31,247 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:31,248 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.148 1824 0.148) gunicorn-web stdout | 2025-11-04 09:09:31,249 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 1, 10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,249 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.141 1824 0.142) gunicorn-web stdout | 2025-11-04 09:09:31,254 [246] [DEBUG] [app] Ending request: urn:request:e453cdb0-7cd6-442c-a162-71bd4d2c19ff (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:e453cdb0-7cd6-442c-a162-71bd4d2c19ff', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:31,254 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:31,255 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.153 1794 0.153) gunicorn-web stdout | 2025-11-04 09:09:31,291 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf HTTP/1.1" 200 1478 gunicorn-web stdout | 2025-11-04 09:09:31,291 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl24w-7gn1ez-1ec5', 'x-amz-id-2': 'mhkcl24w-7gn1ez-1ec5', 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1478', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:31,291 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:31,291 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,291 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:31,292 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,292 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,292 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl24w-7gn1ez-1ec5', 'HostId': 'mhkcl24w-7gn1ez-1ec5', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl24w-7gn1ez-1ec5', 'x-amz-id-2': 'mhkcl24w-7gn1ez-1ec5', 'etag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'content-type': 'application/octet-stream', 'content-length': '1478', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 58, tzinfo=tzutc()), 'ContentLength': 1478, 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:31,293 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,296 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 10, 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,301 [246] [DEBUG] [app] Ending request: urn:request:1910415d-7498-4c40-8bea-2e28cea9007c (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:1910415d-7498-4c40-8bea-2e28cea9007c', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:31,301 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.194 1794 0.194) gunicorn-web stdout | 2025-11-04 09:09:31,302 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-secscan stdout | 2025-11-04 09:09:31,500 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:09:31,501 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:09:31,506 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:31,592 [246] [DEBUG] [app] Starting request: urn:request:50719158-4863-4c49-b736-1b0970ab068b (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:31,592 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,592 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,593 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,605 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:31,605 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:31,605 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,605 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:31,605 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,605 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,605 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,605 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,606 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,611 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,612 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,618 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,623 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,627 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,631 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,634 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247371634, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,639 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247371639, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,642 [249] [DEBUG] [app] Starting request: urn:request:f113a756-70a4-4cf6-9fc7-5cbd6d821906 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:31,642 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,643 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,643 [247] [DEBUG] [app] Starting request: urn:request:cb921bad-7296-4f03-9123-0c3ed4bd9e71 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} quotaregistrysizeworker stdout | 2025-11-04 09:09:31,643 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:09:31,643 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:31.643382+00:00 (in 59.999514 seconds) quotaregistrysizeworker stdout | 2025-11-04 09:09:31,644 [82] [INFO] [apscheduler.executors.default] Running job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:31 GMT)" (scheduled at 2025-11-04 09:09:31.643382+00:00) gunicorn-web stdout | 2025-11-04 09:09:31,644 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,644 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,644 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,644 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:09:31,644 [82] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,645 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,648 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,652 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d2b6678e-4d11-4167-b4ca-83ed7b72ea7f']) quotaregistrysizeworker stdout | 2025-11-04 09:09:31,655 [82] [DEBUG] [data.database] Disconnecting from database. quotaregistrysizeworker stdout | 2025-11-04 09:09:31,655 [82] [INFO] [apscheduler.executors.default] Job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:31 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:31,655 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:31,656 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:31,656 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:31,656 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:31,656 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,656 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:31,656 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,656 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:31,656 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,656 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,656 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:31,656 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,656 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:31,656 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,656 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,657 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,657 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,657 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:31,657 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'} gunicorn-web stdout | 2025-11-04 09:09:31,657 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,657 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,657 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,657 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,657 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,657 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,658 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,658 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,658 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,659 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:31,659 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090931Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:31,659 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090931Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 4c7f05b25057840c6840921584e8ed9674a9901e1646828433f23ee3ef37c663 gunicorn-web stdout | 2025-11-04 09:09:31,659 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 0c87ff8816d90541d7a1a505be7ce717c6c0648b0a0de401e62e188f0336f739 gunicorn-web stdout | 2025-11-04 09:09:31,659 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,659 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:31,659 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,659 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090931Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=0c87ff8816d90541d7a1a505be7ce717c6c0648b0a0de401e62e188f0336f739', 'amz-sdk-invocation-id': b'5905dd48-e014-42d1-86fe-1fbffc50d00b', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:31,659 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:31,664 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,664 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:31,665 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,665 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,670 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,672 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 HTTP/1.1" 200 1465 gunicorn-web stdout | 2025-11-04 09:09:31,672 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl2fg-dr8qk2-ar8', 'x-amz-id-2': 'mhkcl2fg-dr8qk2-ar8', 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:31 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:31,672 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:31,672 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,672 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:31,672 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:31,672 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,672 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:31,673 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl2fg-dr8qk2-ar8', 'HostId': 'mhkcl2fg-dr8qk2-ar8', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl2fg-dr8qk2-ar8', 'x-amz-id-2': 'mhkcl2fg-dr8qk2-ar8', 'etag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:31 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 7, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:31,674 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,676 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,678 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,679 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 10, 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 1]) gunicorn-web stdout | 2025-11-04 09:09:31,679 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,681 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,682 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,684 [246] [DEBUG] [app] Ending request: urn:request:50719158-4863-4c49-b736-1b0970ab068b (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:50719158-4863-4c49-b736-1b0970ab068b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:31,684 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,685 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.095 1794 0.095) gunicorn-web stdout | 2025-11-04 09:09:31,685 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:31,686 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,688 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,689 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,692 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:31,693 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde gunicorn-web stdout | 2025-11-04 09:09:31,695 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 gunicorn-web stdout | 2025-11-04 09:09:31,697 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde: {'manifest_hash': 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1676': {'id': '1676', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1712': {'id': '1712', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1720': {'id': '1720', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1724': {'id': '1724', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1726': {'id': '1726', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1736': {'id': '1736', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1692': {'id': '1692', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1738': {'id': '1738', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1750': {'id': '1750', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1770': {'id': '1770', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1776': {'id': '1776', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1778': {'id': '1778', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1796': {'id': '1796', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1832': {'id': '1832', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1642': {'id': '1642', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1690': {'id': '1690', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1746': {'id': '1746', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1762': {'id': '1762', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1804': {'id': '1804', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1704': {'id': '1704', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1752': {'id': '1752', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1802': {'id': '1802', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1838': {'id': '1838', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1654': {'id': '1654', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1658': {'id': '1658', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1742': {'id': '1742', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1754': {'id': '1754', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1764': {'id': '1764', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1766': {'id': '1766', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1684': {'id': '1684', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1756': {'id': '1756', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1800': {'id': '1800', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1814': {'id': '1814', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1730': {'id': '1730', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1660': {'id': '1660', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1668': {'id': '1668', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1694': {'id': '1694', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1722': {'id': '1722', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1728': {'id': '1728', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1782': {'id': '1782', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1648': {'id': '1648', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1662': {'id': '1662', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1664': {'id': '1664', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1700': {'id': '1700', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1748': {'id': '1748', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1790': {'id': '1790', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1794': {'id': '1794', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1830': {'id': '1830', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1696': {'id': '1696', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1744': {'id': '1744', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1780': {'id': '1780', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1812': {'id': '1812', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1644': {'id': '1644', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1646': {'id': '1646', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1680': {'id': '1680', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1688': {'id': '1688', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1702': {'id': '1702', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1708': {'id': '1708', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1718': {'id': '1718', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1806': {'id': '1806', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1716': {'id': '1716', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1768': {'id': '1768', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1808': {'id': '1808', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1824': {'id': '1824', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1840': {'id': '1840', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'ppc64el'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1786': {'id': '1786', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1788': {'id': '1788', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1674': {'id': '1674', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1710': {'id': '1710', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1740': {'id': '1740', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1774': {'id': '1774', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1798': {'id': '1798', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1818': {'id': '1818', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1820': {'id': '1820', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1732': {'id': '1732', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1650': {'id': '1650', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1672': {'id': '1672', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1706': {'id': '1706', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1714': {'id': '1714', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1734': {'id': '1734', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1652': {'id': '1652', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1670': {'id': '1670', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1682': {'id': '1682', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1760': {'id': '1760', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1784': {'id': '1784', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1822': {'id': '1822', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1826': {'id': '1826', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1666': {'id': '1666', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1698': {'id': '1698', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'ppc64el'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1742': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1800': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1672': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1720': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1738': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1830': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1838': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1732': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1646': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1670': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1680': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1690': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1694': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1696': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1778': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1648': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1684': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1698': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1774': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1794': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1802': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1822': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1658': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1700': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1708': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1716': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1756': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1812': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1642': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1662': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1714': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1726': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1730': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1784': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1804': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1818': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1740': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1824': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1840': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1688': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1728': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1752': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1790': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1814': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1668': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1734': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1760': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1796': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1832': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1666': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1744': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1764': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1704': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1710': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1736': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1786': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1798': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1826': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1676': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1682': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1692': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1706': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1724': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1770': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1776': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1674': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1748': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1762': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1780': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1806': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1644': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1660': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1750': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1766': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1782': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1788': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1808': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1702': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1718': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1754': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1820': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1654': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1722': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1746': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1768': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1650': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1652': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1664': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1712': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_ve gunicorn-web stdout | rsion': '0:249.11-0ubuntu3.7'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1 gunicorn-web stdout | .19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubunt gunicorn-web stdout | 2025-11-04 09:09:31,699 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284: {'manifest_hash': 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'packages': {'1932': {'id': '1932', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1868': {'id': '1868', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1876': {'id': '1876', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'riscv64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1844': {'id': '1844', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1884': {'id': '1884', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1904': {'id': '1904', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1956': {'id': '1956', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1914': {'id': '1914', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'riscv64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1892': {'id': '1892', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1944': {'id': '1944', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1970': {'id': '1970', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1846': {'id': '1846', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1860': {'id': '1860', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1910': {'id': '1910', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1926': {'id': '1926', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1928': {'id': '1928', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1936': {'id': '1936', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1974': {'id': '1974', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '2014': {'id': '2014', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1902': {'id': '1902', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1930': {'id': '1930', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1948': {'id': '1948', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1952': {'id': '1952', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1966': {'id': '1966', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1866': {'id': '1866', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1886': {'id': '1886', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1894': {'id': '1894', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1896': {'id': '1896', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1898': {'id': '1898', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1906': {'id': '1906', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1912': {'id': '1912', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1856': {'id': '1856', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1946': {'id': '1946', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1954': {'id': '1954', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1964': {'id': '1964', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1982': {'id': '1982', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'riscv64'}, '1998': {'id': '1998', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2020': {'id': '2020', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2026': {'id': '2026', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1934': {'id': '1934', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1942': {'id': '1942', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2002': {'id': '2002', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2004': {'id': '2004', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '2030': {'id': '2030', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2038': {'id': '2038', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1870': {'id': '1870', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1872': {'id': '1872', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1850': {'id': '1850', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1852': {'id': '1852', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1864': {'id': '1864', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1950': {'id': '1950', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1968': {'id': '1968', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1854': {'id': '1854', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1890': {'id': '1890', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1900': {'id': '1900', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1908': {'id': '1908', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1924': {'id': '1924', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'riscv64'}, '1938': {'id': '1938', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1874': {'id': '1874', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1922': {'id': '1922', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1940': {'id': '1940', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1958': {'id': '1958', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1976': {'id': '1976', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1980': {'id': '1980', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1988': {'id': '1988', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1994': {'id': '1994', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1882': {'id': '1882', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1978': {'id': '1978', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1986': {'id': '1986', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}, '2006': {'id': '2006', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2012': {'id': '2012', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'riscv64'}, '2018': {'id': '2018', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1916': {'id': '1916', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1984': {'id': '1984', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2008': {'id': '2008', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2024': {'id': '2024', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2032': {'id': '2032', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '2040': {'id': '2040', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'riscv64'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1878': {'id': '1878', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1918': {'id': '1918', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2000': {'id': '2000', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2022': {'id': '2022', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1862': {'id': '1862', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1920': {'id': '1920', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1962': {'id': '1962', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1990': {'id': '1990', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1848': {'id': '1848', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1996': {'id': '1996', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2008': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1874': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1860': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1900': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1906': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1910': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1934': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2014': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1918': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2006': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1852': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1884': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1898': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1914': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1944': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1974': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1896': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1950': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1976': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1990': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1994': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1996': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2002': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2032': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1868': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1970': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2018': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2022': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1862': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1866': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1872': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1882': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1892': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1902': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1846': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1904': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1912': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1908': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1924': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1926': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1930': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1942': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1916': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1954': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1968': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1986': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1848': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1948': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1980': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1982': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2000': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2026': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1956': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1998': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2004': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1856': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1878': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1938': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1940': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1978': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1988': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1876': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1946': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1958': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1966': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2012': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2020': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1870': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1894': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1952': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2024': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2030': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1850': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1854': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1886': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1890': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1922': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1964': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1984': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1844': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1864': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1920': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1928': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1932': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1936': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1962': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': ' gunicorn-web stdout | u3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version gunicorn-web stdout | ', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following packag gunicorn-web stdout | ': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy' gunicorn-web stdout | e versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos gunicorn-web stdout | , 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_na gunicorn-web stdout | application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': gunicorn-web stdout | me': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}}, 'package_vulnerabilities': {'1756': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1838': ['2499877'], '1690': ['2499829'], '1668': ['2120044', '1146399'], '1186': ['960164'], '1730': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1820': ['2609409', '2206794', '2005452', '439426'], '1714': ['2121322', '1148428'], '1824': ['2114483'], '1790': ['2837900', '2228805', '2007548', '1266661'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1784': ['2121872', '1148585'], '1754': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1720': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1786': ['2790703', '2259827', '1672454', '1523087'], '1788': ['2428498', '960182'], '1652': ['2815552', '451117'], '1648': ['1516509'], '1762': ['1540355', '983329', '982616'], '1734': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1760': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1814': ['2499870'], '1840': ['1518586'], '1796': ['2790713', '2259833', '1672464', '1523094'], '1766': ['2114475'], '1670': ['2764035', '1506477', '1357966'], '1700': ['2665338', '1988933', '1988914'], '1716': ['2485497'], '1724': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1662': ['2843395'], '1800': ['2499866'], '1822': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1736': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1804': ['1700452'], '1744': ['2837871', '2228777', '2007527', '1266440'], '1764': ['456116'], '1710': ['980564'], '1818': ['2837991', '2228820', '2007560', '1266677'], '1664': ['980539'], '1742': ['2499847'], '1794': ['960172'], '1650': ['2499906'], '1782': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1780': ['980572'], '1694': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1778': ['2499856'], '1702': ['980557'], '1696': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1806': ['2609399', '2206787', '2005450', '439420'], '1746': ['2837880', '2228793', '2007536', '1266500'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1832': ['2790153', '2112903', '1696964'], '1808': ['980580']}, 'enrichments': {}} gunicorn-web stdout | '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects r gunicorn-web stdout | ecursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n U gunicorn-web stdout | pdate Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen gunicorn-web stdout | bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}}, 'package_vulnerabilities': {'1898': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1852': ['2499906'], '1864': ['2843395'], '2032': ['2790153', '2112903', '1696964'], '1902': ['2665338', '1988933', '1988914'], '1912': ['980564'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1982': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1996': ['2790713', '2259833', '1672464', '1523094'], '1926': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1904': ['980557'], '1956': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1964': ['1540355', '983329', '982616'], '1896': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1850': ['1516509'], '1994': ['960172'], '1938': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2018': ['2837991', '2228820', '2007560', '1266677'], '1922': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1936': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1948': ['2837880', '2228793', '2007536', '1266500'], '1892': ['2499829'], '2004': ['1700452'], '1986': ['2790703', '2259827', '1672454', '1523087'], '2008': ['980580'], '1946': ['2837871', '2228777', '2007527', '1266440'], '1186': ['960164'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1872': ['2764035', '1506477', '1357966'], '1866': ['980539'], '2038': ['2499877'], '1962': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2006': ['2609399', '2206787', '2005450', '439420'], '2000': ['2499866'], '1932': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1978': ['2499856'], '2022': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1958': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2014': ['2499870'], '1988': ['2428498', '960182'], '1984': ['2121872', '1148585'], '1918': ['2485497'], '1916': ['2121322', '1148428'], '1966': ['456116'], '2020': ['2609409', '2206794', '2005452', '439426'], '2024': ['2114483'], '1854': ['2815552', '451117'], '1980': ['980572'], '1990': ['2837900', '2228805', '2007548', '1266661'], '1968': ['2114475'], '1870': ['2120044', '1146399'], '2040': ['1518586'], '1944': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:31,719 [247] [DEBUG] [app] Ending request: urn:request:cb921bad-7296-4f03-9123-0c3ed4bd9e71 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:cb921bad-7296-4f03-9123-0c3ed4bd9e71', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:31,720 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.079 1824 0.079) gunicorn-web stdout | 2025-11-04 09:09:31,721 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:31,722 [249] [DEBUG] [app] Ending request: urn:request:f113a756-70a4-4cf6-9fc7-5cbd6d821906 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:f113a756-70a4-4cf6-9fc7-5cbd6d821906', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:31,722 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:31,724 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.0" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:31 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.1" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.083 1824 0.083) gunicorn-web stdout | 2025-11-04 09:09:32,019 [248] [DEBUG] [app] Starting request: urn:request:b986c35f-398b-4494-bb0c-34cc3dc50cf4 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:32,019 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,019 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,020 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,032 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:32,032 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:32,032 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,032 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:32,032 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,032 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,032 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,032 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,034 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:32,039 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,040 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:32,046 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,051 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,055 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,058 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,061 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247372061, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,066 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247372066, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,071 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,075 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,079 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['64839d2b-ddf6-483e-a320-f8d7b00033ad']) gunicorn-web stdout | 2025-11-04 09:09:32,082 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'} gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:32,083 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:32,084 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:32,084 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,084 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,084 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,084 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:32,084 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,084 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,084 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,084 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,085 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:32,085 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090932Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:32,085 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090932Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 33548e5c22af4a99ab5d4c792b2fe4564fdccb59f3ad1695b0780564e7488074 gunicorn-web stdout | 2025-11-04 09:09:32,085 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 22ef53b1b0a683feacf8a6b4107f81455f9eb5a15074c8c9c73285919bc9bdac gunicorn-web stdout | 2025-11-04 09:09:32,085 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,085 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:32,085 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,085 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090932Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=22ef53b1b0a683feacf8a6b4107f81455f9eb5a15074c8c9c73285919bc9bdac', 'amz-sdk-invocation-id': b'9b9b0f66-43f4-4061-b9b7-732335d08f8c', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:32,085 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:32,097 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 HTTP/1.1" 200 1465 gunicorn-web stdout | 2025-11-04 09:09:32,097 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl2ra-49fzxw-iqj', 'x-amz-id-2': 'mhkcl2ra-49fzxw-iqj', 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:32 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:32,097 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:32,098 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,098 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:32,098 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,098 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,098 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl2ra-49fzxw-iqj', 'HostId': 'mhkcl2ra-49fzxw-iqj', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl2ra-49fzxw-iqj', 'x-amz-id-2': 'mhkcl2ra-49fzxw-iqj', 'etag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:32 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 14, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:32,100 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,104 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 1, 10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1]) gunicorn-web stdout | 2025-11-04 09:09:32,109 [248] [DEBUG] [app] Ending request: urn:request:b986c35f-398b-4494-bb0c-34cc3dc50cf4 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:b986c35f-398b-4494-bb0c-34cc3dc50cf4', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:32,109 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:32,110 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:32 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:32 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.093 1794 0.093) gunicorn-web stdout | 2025-11-04 09:09:32,422 [246] [DEBUG] [app] Starting request: urn:request:460cbc0d-a9a1-4032-88b2-7e7844fd6a74 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:32,423 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,423 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,424 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,435 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:32,436 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:32,436 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,436 [248] [DEBUG] [app] Starting request: urn:request:b6dbb107-87f3-43e1-b115-267a474019f0 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:32,436 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:32,436 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,436 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,436 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,436 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,436 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,437 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,437 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,438 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:32,444 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,445 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:32,449 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:32,450 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:32,450 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,450 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:32,450 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:32,450 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,450 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,450 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,451 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,451 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:32,456 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:32,456 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,457 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:32,460 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,462 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,463 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,466 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,467 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,470 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,471 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,473 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,474 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f gunicorn-web stdout | 2025-11-04 09:09:32,477 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247372477, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,482 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247372482, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,478 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f: {'manifest_hash': 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'packages': {'2052': {'id': '2052', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2076': {'id': '2076', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 's390x'}, '2144': {'id': '2144', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2152': {'id': '2152', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2164': {'id': '2164', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2180': {'id': '2180', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2192': {'id': '2192', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '2102': {'id': '2102', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2156': {'id': '2156', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2208': {'id': '2208', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '2162': {'id': '2162', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2170': {'id': '2170', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2210': {'id': '2210', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2214': {'id': '2214', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 's390x'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '2060': {'id': '2060', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2074': {'id': '2074', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2078': {'id': '2078', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2086': {'id': '2086', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2114': {'id': '2114', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 's390x'}, '2120': {'id': '2120', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2202': {'id': '2202', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '2096': {'id': '2096', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2098': {'id': '2098', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2196': {'id': '2196', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '2200': {'id': '2200', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 's390x'}, '2206': {'id': '2206', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2222': {'id': '2222', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2226': {'id': '2226', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2046': {'id': '2046', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 's390x'}, '2068': {'id': '2068', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2094': {'id': '2094', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 's390x'}, '2118': {'id': '2118', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2132': {'id': '2132', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2146': {'id': '2146', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2204': {'id': '2204', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 's390x'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '2104': {'id': '2104', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2158': {'id': '2158', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2172': {'id': '2172', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2228': {'id': '2228', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2232': {'id': '2232', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2048': {'id': '2048', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 's390x'}, '2054': {'id': '2054', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2090': {'id': '2090', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2124': {'id': '2124', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 's390x'}, '2166': {'id': '2166', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 's390x'}, '2176': {'id': '2176', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2188': {'id': '2188', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '2220': {'id': '2220', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '2064': {'id': '2064', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 's390x'}, '2072': {'id': '2072', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2136': {'id': '2136', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2140': {'id': '2140', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2142': {'id': '2142', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2216': {'id': '2216', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2224': {'id': '2224', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2066': {'id': '2066', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2154': {'id': '2154', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 's390x'}, '2092': {'id': '2092', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2110': {'id': '2110', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2126': {'id': '2126', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2138': {'id': '2138', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2240': {'id': '2240', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2134': {'id': '2134', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2044': {'id': '2044', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2082': {'id': '2082', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 's390x'}, '2182': {'id': '2182', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2242': {'id': '2242', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 's390x'}, '2128': {'id': '2128', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2130': {'id': '2130', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '2050': {'id': '2050', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2100': {'id': '2100', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 's390x'}, '2150': {'id': '2150', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2168': {'id': '2168', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '2084': {'id': '2084', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2106': {'id': '2106', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 's390x'}, '2112': {'id': '2112', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2122': {'id': '2122', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2178': {'id': '2178', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2184': {'id': '2184', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 's390x'}, '2198': {'id': '2198', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '2056': {'id': '2056', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2062': {'id': '2062', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2148': {'id': '2148', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2190': {'id': '2190', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 's390x'}, '2234': {'id': '2234', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2070': {'id': '2070', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2108': {'id': '2108', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2116': {'id': '2116', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2186': {'id': '2186', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3. gunicorn-web stdout | 7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability gunicorn-web stdout | has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_na gunicorn-web stdout | me': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - gunicorn-web stdout | 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22 gunicorn-web stdout | 2025-11-04 09:09:32,486 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) gunicorn-web stdout | .04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updati gunicorn-web stdout | ng your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}}, 'package_vulnerabilities': {'2054': ['2815552', '451117'], '2180': ['2499856'], '2156': ['2854564', '2836550', '2485513', '2418382', '1257883'], '2092': ['2499829'], '2064': ['2843395'], '2220': ['2837991', '2228820', '2007560', '1266677'], '2122': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '2072': ['2764035', '1506477', '1357966'], '2242': ['1518586'], '2102': ['2665338', '1988933', '1988914'], '2192': ['2837900', '2228805', '2007548', '1266661'], '2118': ['2485497'], '2136': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '2182': ['980572'], '2198': ['2790713', '2259833', '1672464', '1523094'], '2216': ['2499870'], '2240': ['2499877'], '2132': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1210': ['2837981', '2228814', '2007554', '1266669'], '2224': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '2190': ['2428498', '960182'], '2168': ['2114475'], '2186': ['2121872', '1148585'], '2206': ['1700452'], '2222': ['2609409', '2206794', '2005452', '439426'], '2104': ['980557'], '2138': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2234': ['2790153', '2112903', '1696964'], '2096': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '2226': ['2114483'], '2158': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2164': ['1540355', '983329', '982616'], '2112': ['980564'], '2116': ['2121322', '1148428'], '2210': ['980580'], '2196': ['960172'], '2202': ['2499866'], '2166': ['456116'], '2126': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '2070': ['2120044', '1146399'], '2188': ['2790703', '2259827', '1672454', '1523087'], '1186': ['960164'], '2148': ['2837880', '2228793', '2007536', '1266500'], '2162': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2052': ['2499906'], '2050': ['1516509'], '2066': ['980539'], '2208': ['2609399', '2206787', '2005450', '439420'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '2146': ['2837871', '2228777', '2007527', '1266440'], '2184': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '2098': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '2144': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:32,492 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,495 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['c3748d9b-83f1-4f7e-a201-a59de1165e5d']) gunicorn-web stdout | 2025-11-04 09:09:32,500 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:32,500 [246] [DEBUG] [app] Ending request: urn:request:460cbc0d-a9a1-4032-88b2-7e7844fd6a74 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:460cbc0d-a9a1-4032-88b2-7e7844fd6a74', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'} gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,501 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:32,501 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:32,502 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:32 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:32 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.081 1824 0.081) gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090932Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090932Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 2bde7226edac6bee195fa07ca5bc7a5c06098f4050c36911595ebc3e206ce37b gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 60fccf15b51947ebdabb492ce9dfe37212ef10aa02d7ef228cbb34aa85f4ab65 gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,502 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:32,503 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,503 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090932Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=60fccf15b51947ebdabb492ce9dfe37212ef10aa02d7ef228cbb34aa85f4ab65', 'amz-sdk-invocation-id': b'4d5c9ab5-009a-440e-9175-d7b8a5aafc44', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:32,503 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:32,514 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 HTTP/1.1" 200 1461 gunicorn-web stdout | 2025-11-04 09:09:32,514 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl32w-b66ce8-uxw', 'x-amz-id-2': 'mhkcl32w-b66ce8-uxw', 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1461', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:32 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:32,514 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:32,515 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:32,515 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:32,515 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,515 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:32,515 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl32w-b66ce8-uxw', 'HostId': 'mhkcl32w-b66ce8-uxw', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl32w-b66ce8-uxw', 'x-amz-id-2': 'mhkcl32w-b66ce8-uxw', 'etag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'content-type': 'application/octet-stream', 'content-length': '1461', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:32 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 21, tzinfo=tzutc()), 'ContentLength': 1461, 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:32,517 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:32,520 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 10, 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 1]) gunicorn-web stdout | 2025-11-04 09:09:32,526 [248] [DEBUG] [app] Ending request: urn:request:b6dbb107-87f3-43e1-b115-267a474019f0 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:b6dbb107-87f3-43e1-b115-267a474019f0', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:32,527 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:32,527 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:32 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:32 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.092 1794 0.093) gunicorn-registry stdout | 2025-11-04 09:09:33,779 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:33,784 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:33,881 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:33,889 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:33,875 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:33,901 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:33,910 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:33,912 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:09:33,906 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:09:34,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:09:34,140 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:44.140529+00:00 (in 9.999564 seconds) proxycacheblobworker stdout | 2025-11-04 09:09:34,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:44 GMT)" (scheduled at 2025-11-04 09:09:34.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:09:34,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:09:34,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 34, 141360), True, datetime.datetime(2025, 11, 4, 9, 9, 34, 141360), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:09:34,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:09:34,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:09:34,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:44 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:34,287 [246] [DEBUG] [app] Starting request: urn:request:6526853c-16fd-4b2a-a80a-7c3eee08b0ec (/api/v1/repository/quayorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:34,287 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:34,287 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:34,288 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:34,299 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:34,300 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:34,300 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:34,300 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:34,300 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:34,300 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:34,300 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:34,300 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:34,301 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:34,306 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:34,307 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:34,313 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:34,317 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:34,320 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:34,324 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:34,328 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE ((("t1"."repository_id" = %s) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [10, None, 1762247374327, False, 101, 0]) gunicorn-web stdout | 2025-11-04 09:09:34,332 [246] [DEBUG] [app] Ending request: urn:request:6526853c-16fd-4b2a-a80a-7c3eee08b0ec (/api/v1/repository/quayorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:6526853c-16fd-4b2a-a80a-7c3eee08b0ec', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true', 'path': '/api/v1/repository/quayorg/repo1/tag/', 'parameters': {'limit': '100', 'page': '1', 'onlyActiveTags': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:34,333 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:34 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.1" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.049 1770 0.049) gunicorn-web stdout | 2025-11-04 09:09:34,334 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:34 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.0" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gcworker stdout | 2025-11-04 09:09:34,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:09:34,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:55.956600+00:00 (in 21.003747 seconds) gcworker stdout | 2025-11-04 09:09:34,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:04 GMT)" (scheduled at 2025-11-04 09:09:34.952363+00:00) gcworker stdout | 2025-11-04 09:09:34,953 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037774953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:09:34,967 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:09:34,967 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:09:34,968 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:04 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:35,681 [246] [DEBUG] [app] Starting request: urn:request:58f871aa-3a61-44c3-bdf0-3e0816c24581 (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:35,681 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:35,681 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:35,682 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:35,693 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:35,694 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:35,694 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:35,694 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:35,694 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:35,694 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:35,694 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:35,694 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:35,695 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:35,700 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:35,701 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:35,707 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:35,711 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:35,715 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:35,718 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:35,722 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', None, 1762247375721, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:35,727 [246] [DEBUG] [app] Ending request: urn:request:58f871aa-3a61-44c3-bdf0-3e0816c24581 (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:58f871aa-3a61-44c3-bdf0-3e0816c24581', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', 'parameters': {'include_modelcard': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:35,728 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:35 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.1" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.049 1817 0.049) gunicorn-web stdout | 2025-11-04 09:09:35,728 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:35 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.0" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:36,084 [247] [DEBUG] [app] Starting request: urn:request:e7e9adb7-e0d1-4447-a69c-3f0551c21cce (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:36,084 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,084 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,085 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,097 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:36,097 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:36,097 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,097 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:36,097 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,097 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,097 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,097 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,098 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,103 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,104 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,110 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,115 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,119 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,122 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,126 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,129 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,133 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 gunicorn-web stdout | 2025-11-04 09:09:36,137 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19: {'manifest_hash': 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'packages': {'1208': {'id': '1208', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1212': {'id': '1212', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1048': {'id': '1048', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1092': {'id': '1092', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'amd64'}, '1146': {'id': '1146', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'amd64'}, '1182': {'id': '1182', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'amd64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1058': {'id': '1058', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1066': {'id': '1066', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1102': {'id': '1102', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1138': {'id': '1138', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1156': {'id': '1156', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1192': {'id': '1192', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'amd64'}, '1206': {'id': '1206', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'amd64'}, '1078': {'id': '1078', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1098': {'id': '1098', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'amd64'}, '1110': {'id': '1110', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1142': {'id': '1142', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1160': {'id': '1160', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1168': {'id': '1168', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1180': {'id': '1180', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1088': {'id': '1088', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1090': {'id': '1090', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1108': {'id': '1108', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1116': {'id': '1116', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'amd64'}, '1128': {'id': '1128', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1154': {'id': '1154', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1178': {'id': '1178', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1198': {'id': '1198', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1038': {'id': '1038', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'amd64'}, '1118': {'id': '1118', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1124': {'id': '1124', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1134': {'id': '1134', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1144': {'id': '1144', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1164': {'id': '1164', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1216': {'id': '1216', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1064': {'id': '1064', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1084': {'id': '1084', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1120': {'id': '1120', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1234': {'id': '1234', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'amd64'}, '1060': {'id': '1060', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1218': {'id': '1218', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1224': {'id': '1224', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1094': {'id': '1094', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1122': {'id': '1122', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1086': {'id': '1086', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'amd64'}, '1042': {'id': '1042', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1056': {'id': '1056', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'amd64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1074': {'id': '1074', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1150': {'id': '1150', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1200': {'id': '1200', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1202': {'id': '1202', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1052': {'id': '1052', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1082': {'id': '1082', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1096': {'id': '1096', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1100': {'id': '1100', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1196': {'id': '1196', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1070': {'id': '1070', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1104': {'id': '1104', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1172': {'id': '1172', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1174': {'id': '1174', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1184': {'id': '1184', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1190': {'id': '1190', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1226': {'id': '1226', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1232': {'id': '1232', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1112': {'id': '1112', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1114': {'id': '1114', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1136': {'id': '1136', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1158': {'id': '1158', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'amd64'}, '1214': {'id': '1214', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1046': {'id': '1046', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1062': {'id': '1062', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1106': {'id': '1106', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'amd64'}, '1162': {'id': '1162', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1036': {'id': '1036', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1054': {'id': '1054', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1076': {'id': '1076', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1130': {'id': '1130', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1148': {'id': '1148', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1220': {'id': '1220', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1044': {'id': '1044', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1140': {'id': '1140', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1170': {'id': '1170', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1176': {'id': '1176', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'amd64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1040': {'id': '1040', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'amd64'}, '1068': {'id': '1068', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'amd64'}, '1126': {'id': '1126', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1132': {'id': '1132', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1188': {'id': '1188', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1194': {'id': '1194', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1212': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1174': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1058': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1042': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1036': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1160': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1218': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1194': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1088': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - gunicorn-web stdout | 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, gunicorn-web stdout | 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', ' gunicorn-web stdout | description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', gunicorn-web stdout | 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by t gunicorn-web stdout | hese local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - ne gunicorn-web stdout | gligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}}, 'package_vulnerabilities': {'1190': ['2790713', '2259833', '1672464', '1523094'], '1056': ['2843395'], '1062': ['2120044', '1146399'], '1216': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1234': ['1518586'], '1186': ['960164'], '1184': ['2837900', '2228805', '2007548', '1266661'], '1174': ['980572'], '1130': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1044': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1182': ['2428498', '960182'], '1180': ['2790703', '2259827', '1672454', '1523087'], '1090': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1118': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1140': ['2837880', '2228793', '2007536', '1266500'], '1110': ['2485497'], '1208': ['2499870'], '1156': ['1540355', '983329', '982616'], '1154': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1232': ['2499877'], '1226': ['2790153', '2112903', '1696964'], '1202': ['980580'], '1198': ['1700452'], '1046': ['2815552', '451117'], '1058': ['980539'], '1128': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1108': ['2121322', '1148428'], '1124': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1104': ['980564'], '1158': ['456116'], '1194': ['2499866'], '1218': ['2114483'], '1172': ['2499856'], '1064': ['2764035', '1506477', '1357966'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1160': ['2114475'], '1042': ['1516509'], '1114': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1136': ['2499847'], '1176': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1148': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1200': ['2609399', '2206787', '2005450', '439420'], '1188': ['960172'], '1178': ['2121872', '1148585'], '1096': ['980557'], '1214': ['2609409', '2206794', '2005452', '439426'], '1088': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1094': ['2665338', '1988933', '1988914'], '1212': ['2837991', '2228820', '2007560', '1266677'], '1138': ['2837871', '2228777', '2007527', '1266440'], '1084': ['2499829'], '1150': ['2854573', '2836745', '2485520', '2418389', '1257888']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:36,155 [247] [DEBUG] [app] Ending request: urn:request:e7e9adb7-e0d1-4447-a69c-3f0551c21cce (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:e7e9adb7-e0d1-4447-a69c-3f0551c21cce', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:36,156 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:36,157 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.075 1824 0.075) gunicorn-web stdout | 2025-11-04 09:09:36,833 [248] [DEBUG] [app] Starting request: urn:request:96823dd0-d0ce-42ec-9c7a-845f0d709b7f (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:36,834 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,834 [249] [DEBUG] [app] Starting request: urn:request:1fea6daf-584f-4b24-8aeb-3f69b34d6fcf (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:36,834 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,834 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,834 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,835 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,835 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,838 [247] [DEBUG] [app] Starting request: urn:request:3671d9b1-c507-4289-89d7-c35f9d3ccbdc (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:36,838 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,838 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,838 [246] [DEBUG] [app] Starting request: urn:request:a20d81c2-c3ae-4ed5-a29f-953692bd3787 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:36,839 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,839 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,839 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,840 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,847 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:36,847 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:36,847 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,848 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:36,848 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,848 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,848 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,848 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,848 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:36,848 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:36,848 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,848 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:36,848 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,848 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,848 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,848 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,849 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,850 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,850 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:36,850 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:36,850 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,850 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:36,850 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,851 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,851 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,851 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,851 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:36,851 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:36,851 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,851 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:36,851 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,851 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,851 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,851 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,852 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,853 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,854 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,855 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,856 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,857 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,857 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,858 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,858 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,859 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,861 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,863 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,863 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,865 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,866 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,868 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,868 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,869 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,871 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,871 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,872 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,872 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,874 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,874 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,875 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,876 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247376875, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,877 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,878 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,879 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,881 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247376881, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,881 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247376881, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,882 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,883 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,885 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 gunicorn-web stdout | 2025-11-04 09:09:36,885 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,886 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 gunicorn-web stdout | 2025-11-04 09:09:36,886 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247376885, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,890 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,890 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,894 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['ef9abce7-c4cd-4ded-b01d-2c5ccca4b9ee']) gunicorn-web stdout | 2025-11-04 09:09:36,895 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,889 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8: {'manifest_hash': 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1464': {'id': '1464', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1502': {'id': '1502', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'arm64'}, '1522': {'id': '1522', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1550': {'id': '1550', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'arm64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1448': {'id': '1448', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1474': {'id': '1474', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1544': {'id': '1544', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1600': {'id': '1600', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1616': {'id': '1616', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1628': {'id': '1628', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1636': {'id': '1636', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1452': {'id': '1452', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1480': {'id': '1480', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1504': {'id': '1504', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1554': {'id': '1554', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1508': {'id': '1508', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1548': {'id': '1548', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1566': {'id': '1566', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1568': {'id': '1568', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1578': {'id': '1578', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1620': {'id': '1620', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1494': {'id': '1494', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1542': {'id': '1542', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1558': {'id': '1558', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1576': {'id': '1576', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1624': {'id': '1624', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1450': {'id': '1450', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1478': {'id': '1478', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1574': {'id': '1574', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1604': {'id': '1604', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1456': {'id': '1456', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1492': {'id': '1492', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1498': {'id': '1498', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1516': {'id': '1516', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1532': {'id': '1532', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1540': {'id': '1540', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1598': {'id': '1598', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1560': {'id': '1560', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1584': {'id': '1584', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1586': {'id': '1586', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'arm64'}, '1606': {'id': '1606', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1610': {'id': '1610', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'arm64'}, '1612': {'id': '1612', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1638': {'id': '1638', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'arm64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1440': {'id': '1440', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1490': {'id': '1490', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'arm64'}, '1546': {'id': '1546', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1572': {'id': '1572', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1580': {'id': '1580', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'arm64'}, '1458': {'id': '1458', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1514': {'id': '1514', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1528': {'id': '1528', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1530': {'id': '1530', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1564': {'id': '1564', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1520': {'id': '1520', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'arm64'}, '1524': {'id': '1524', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1596': {'id': '1596', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'arm64'}, '1618': {'id': '1618', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1622': {'id': '1622', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1466': {'id': '1466', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1470': {'id': '1470', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1486': {'id': '1486', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1500': {'id': '1500', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1630': {'id': '1630', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1446': {'id': '1446', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1482': {'id': '1482', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1488': {'id': '1488', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1496': {'id': '1496', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'arm64'}, '1534': {'id': '1534', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1536': {'id': '1536', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1538': {'id': '1538', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1444': {'id': '1444', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'arm64'}, '1460': {'id': '1460', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'arm64'}, '1462': {'id': '1462', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1510': {'id': '1510', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'arm64'}, '1552': {'id': '1552', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1562': {'id': '1562', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'arm64'}, '1582': {'id': '1582', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1442': {'id': '1442', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'arm64'}, '1472': {'id': '1472', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'arm64'}, '1526': {'id': '1526', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1588': {'id': '1588', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1602': {'id': '1602', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1506': {'id': '1506', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1512': {'id': '1512', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1518': {'id': '1518', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1592': {'id': '1592', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1594': {'id': '1594', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1468': {'id': '1468', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1628': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1462': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1480': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1490': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1540': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1546': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1528': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1550': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1552': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1588': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1486': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1494': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1510': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1512': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1522': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1524': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1560': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1574': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1536': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1538': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1572': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1496': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1504': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1508': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1530': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1584': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1600': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1612': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1466': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1482': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1548': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1620': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1624': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1636': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1464': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1452': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1516': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1554': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1566': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1568': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1468': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1500': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1506': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1564': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1594': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1596': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1598': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1444': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1502': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1602': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1604': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1616': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1446': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1498': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1526': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1544': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1592': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1630': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1440': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1456': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1474': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1520': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1542': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1578': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1448': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1450': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1582': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1622': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1458': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1492': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1532': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1534': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1586': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1470': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1472': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1488': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1514': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1558': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1562': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1638': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1460': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1478': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1576': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1606': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1610': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1618': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1442': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1518': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1580': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; i gunicorn-web stdout | t does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '980539': {'id': '980539', 'updater': 'ubuntu gunicorn-web stdout | /updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 htt gunicorn-web stdout | 2025-11-04 09:09:36,890 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13: {'manifest_hash': 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'packages': {'1254': {'id': '1254', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1256': {'id': '1256', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1266': {'id': '1266', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1240': {'id': '1240', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'armhf'}, '1400': {'id': '1400', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1436': {'id': '1436', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'armhf'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1344': {'id': '1344', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1386': {'id': '1386', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1422': {'id': '1422', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1312': {'id': '1312', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1322': {'id': '1322', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1326': {'id': '1326', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1366': {'id': '1366', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1434': {'id': '1434', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1270': {'id': '1270', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'armhf'}, '1278': {'id': '1278', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1294': {'id': '1294', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'armhf'}, '1380': {'id': '1380', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1402': {'id': '1402', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1416': {'id': '1416', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1420': {'id': '1420', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1330': {'id': '1330', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1238': {'id': '1238', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1246': {'id': '1246', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1356': {'id': '1356', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1358': {'id': '1358', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1374': {'id': '1374', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1414': {'id': '1414', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1328': {'id': '1328', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1350': {'id': '1350', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1410': {'id': '1410', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1418': {'id': '1418', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1426': {'id': '1426', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1244': {'id': '1244', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1258': {'id': '1258', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'armhf'}, '1260': {'id': '1260', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1264': {'id': '1264', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1302': {'id': '1302', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1318': {'id': '1318', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'armhf'}, '1336': {'id': '1336', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1340': {'id': '1340', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1250': {'id': '1250', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1268': {'id': '1268', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1296': {'id': '1296', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1320': {'id': '1320', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1364': {'id': '1364', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1370': {'id': '1370', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1390': {'id': '1390', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1396': {'id': '1396', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1276': {'id': '1276', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1308': {'id': '1308', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'armhf'}, '1314': {'id': '1314', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1398': {'id': '1398', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1248': {'id': '1248', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1280': {'id': '1280', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1290': {'id': '1290', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1378': {'id': '1378', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'armhf'}, '1384': {'id': '1384', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'armhf'}, '1392': {'id': '1392', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1292': {'id': '1292', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1310': {'id': '1310', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1324': {'id': '1324', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1332': {'id': '1332', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1338': {'id': '1338', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1382': {'id': '1382', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1404': {'id': '1404', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1262': {'id': '1262', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1284': {'id': '1284', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1334': {'id': '1334', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1342': {'id': '1342', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1348': {'id': '1348', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'armhf'}, '1394': {'id': '1394', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'armhf'}, '1408': {'id': '1408', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'armhf'}, '1298': {'id': '1298', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1304': {'id': '1304', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1242': {'id': '1242', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'armhf'}, '1286': {'id': '1286', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1288': {'id': '1288', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'armhf'}, '1362': {'id': '1362', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1272': {'id': '1272', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1306': {'id': '1306', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1316': {'id': '1316', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1360': {'id': '1360', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'armhf'}, '1376': {'id': '1376', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1428': {'id': '1428', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1300': {'id': '1300', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'armhf'}, '1346': {'id': '1346', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1352': {'id': '1352', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1372': {'id': '1372', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'armhf'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1382': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1384': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1262': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1300': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1420': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1436': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1266': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1256': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1260': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1380': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1386': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1328': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1334': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1398': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1404': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1418': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1390': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1408': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1422': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1244': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1272': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1318': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1340': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1360': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1416': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1248': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1310': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1344': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1358': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1370': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1402': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1280': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1308': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1316': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1324': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1348': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1396': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1434': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1306': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1362': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1378': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1428': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1292': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1302': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1350': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1410': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1426': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1320': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1326': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1246': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1276': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1304': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1238': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1268': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1286': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1314': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1330': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1332': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1336': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1338': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1250': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1284': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1288': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1322': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1342': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1392': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1400': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1258': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1294': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1346': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1352': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1374': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1394': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1414': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1254': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1264': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1270': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1296': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1312': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1364': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1366': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1376': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1278': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1290': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1298': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1356': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1372': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0- gunicorn-web stdout | p://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix gunicorn-web stdout | 1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to gunicorn-web stdout | 2025-11-04 09:09:36,897 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ub gunicorn-web stdout | fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4 gunicorn-web stdout | untu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-441 gunicorn-web stdout | 2025-11-04 09:09:36,899 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['f575e9f5-0cf3-43f0-8b1b-0f1457f07e69']) gunicorn-web stdout | \nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', gunicorn-web stdout | 2025-11-04 09:09:36,900 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 5` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}}, 'package_vulnerabilities': {'1518': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1616': ['2837991', '2228820', '2007560', '1266677'], '1560': ['1540355', '983329', '982616'], '1638': ['1518586'], '1552': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1492': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1554': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1542': ['2837871', '2228777', '2007527', '1266440'], '1592': ['960172'], '1636': ['2499877'], '1186': ['960164'], '1630': ['2790153', '2112903', '1696964'], '1494': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1564': ['2114475'], '1528': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1522': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1558': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1534': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1586': ['2428498', '960182'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1594': ['2790713', '2259833', '1672464', '1523094'], '1588': ['2837900', '2228805', '2007548', '1266661'], '1580': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1488': ['2499829'], '1620': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1468': ['2764035', '1506477', '1357966'], '1460': ['2843395'], '1582': ['2121872', '1148585'], '1584': ['2790703', '2259827', '1672454', '1523087'], '1598': ['2499866'], '1532': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1562': ['456116'], '1576': ['2499856'], '1604': ['2609399', '2206787', '2005450', '439420'], '1498': ['2665338', '1988933', '1988914'], '1612': ['2499870'], '1514': ['2485497'], '1540': ['2499847'], '1512': ['2121322', '1148428'], '1622': ['2114483'], '1578': ['980572'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1450': ['2815552', '451117'], '1606': ['980580'], '1448': ['2499906'], '1544': ['2837880', '2228793', '2007536', '1266500'], '1618': ['2609409', '2206794', '2005452', '439426'], '1466': ['2120044', '1146399'], '1446': ['1516509'], '1508': ['980564'], '1602': ['1700452'], '1500': ['980557'], '1462': ['980539']}, 'enrichments': {}} gunicorn-web stdout | 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4 gunicorn-web stdout | \nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ub gunicorn-web stdout | 2025-11-04 09:09:36,901 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'} gunicorn-web stdout | untu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5suppo gunicorn-web stdout | rt0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}}, 'package_vulnerabilities': {'1296': ['2665338', '1988933', '1988914'], '1378': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1380': ['2121872', '1148585'], '1418': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1266': ['2764035', '1506477', '1357966'], '1428': ['2790153', '2112903', '1696964'], '1392': ['2790713', '2259833', '1672464', '1523094'], '1356': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1244': ['1516509'], '1436': ['1518586'], '1260': ['980539'], '1416': ['2609409', '2206794', '2005452', '439426'], '1292': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1358': ['1540355', '983329', '982616'], '1312': ['2485497'], '1384': ['2428498', '960182'], '1402': ['2609399', '2206787', '2005450', '439420'], '1400': ['1700452'], '1248': ['2815552', '451117'], '1386': ['2837900', '2228805', '2007548', '1266661'], '1376': ['980572'], '1420': ['2114483'], '1396': ['2499866'], '1362': ['2114475'], '1298': ['980557'], '1316': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1374': ['2499856'], '1404': ['980580'], '1246': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1414': ['2837991', '2228820', '2007560', '1266677'], '1350': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1434': ['2499877'], '1330': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1382': ['2790703', '2259827', '1672454', '1523087'], '1290': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1264': ['2120044', '1146399'], '1186': ['960164'], '1390': ['960172'], '1310': ['2121322', '1148428'], '1258': ['2843395'], '1306': ['980564'], '1342': ['2837880', '2228793', '2007536', '1266500'], '1286': ['2499829'], '1320': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1360': ['456116'], '1326': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1410': ['2499870'], '1332': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1338': ['2499847'], '1352': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1340': ['2837871', '2228777', '2007527', '1266440']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:36,902 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:36,903 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:36,903 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:36,904 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090936Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:36,905 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090936Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 1ca0afd5e6363addc81c1e0a9011a6dbc1a0a8384d65aa648de0440e3f58de2d gunicorn-web stdout | 2025-11-04 09:09:36,905 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 45a6156931cafa44ca42099cc8fb6a67eda00cbf9a4027f3c8326b1cdb03b3ac gunicorn-web stdout | 2025-11-04 09:09:36,905 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,905 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:36,905 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,905 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090936Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=45a6156931cafa44ca42099cc8fb6a67eda00cbf9a4027f3c8326b1cdb03b3ac', 'amz-sdk-invocation-id': b'e550f37e-5490-4dff-b0d6-79997f0d2ddf', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:36,905 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:36,905 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:36,905 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'} gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:36,906 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090936Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090936Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | cd4a5a1901b7545838386171b9bc23d79b4e427664db86283f106623f2cb0eb9 gunicorn-web stdout | 2025-11-04 09:09:36,907 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | f34bc307cc453c825aff1c977cdfa3ce1f0c03c987b48b8fe060a3dd4015eed6 gunicorn-web stdout | 2025-11-04 09:09:36,908 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,908 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:36,908 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,908 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090936Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=f34bc307cc453c825aff1c977cdfa3ce1f0c03c987b48b8fe060a3dd4015eed6', 'amz-sdk-invocation-id': b'fd5a0edd-1515-4557-b190-cbfe725ff7d5', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:36,908 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:36,911 [249] [DEBUG] [app] Ending request: urn:request:1fea6daf-584f-4b24-8aeb-3f69b34d6fcf (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:1fea6daf-584f-4b24-8aeb-3f69b34d6fcf', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:36,912 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:36,912 [247] [DEBUG] [app] Ending request: urn:request:3671d9b1-c507-4289-89d7-c35f9d3ccbdc (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:3671d9b1-c507-4289-89d7-c35f9d3ccbdc', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:36,913 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:36,913 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.081 1824 0.081) gunicorn-web stdout | 2025-11-04 09:09:36,914 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.077 1824 0.076) gunicorn-web stdout | 2025-11-04 09:09:36,925 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee HTTP/1.1" 200 1463 gunicorn-web stdout | 2025-11-04 09:09:36,925 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6h7-1ajk9z-j8d', 'x-amz-id-2': 'mhkcl6h7-1ajk9z-j8d', 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1463', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:36 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:36,925 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:36,925 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 HTTP/1.1" 200 1476 gunicorn-web stdout | 2025-11-04 09:09:36,926 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6ha-1cjtun-dmf', 'x-amz-id-2': 'mhkcl6ha-1cjtun-dmf', 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1476', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:36 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:36,926 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,926 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:36,926 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:36,926 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,926 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,926 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl6h7-1ajk9z-j8d', 'HostId': 'mhkcl6h7-1ajk9z-j8d', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6h7-1ajk9z-j8d', 'x-amz-id-2': 'mhkcl6h7-1ajk9z-j8d', 'etag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'content-type': 'application/octet-stream', 'content-length': '1463', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:36 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 46, tzinfo=tzutc()), 'ContentLength': 1463, 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:36,926 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:36,926 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:36,926 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,926 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:36,927 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl6ha-1cjtun-dmf', 'HostId': 'mhkcl6ha-1cjtun-dmf', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6ha-1cjtun-dmf', 'x-amz-id-2': 'mhkcl6ha-1cjtun-dmf', 'etag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'content-type': 'application/octet-stream', 'content-length': '1476', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:36 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 52, tzinfo=tzutc()), 'ContentLength': 1476, 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:36,928 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,928 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,932 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 1, 10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,932 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 10, 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,936 [248] [DEBUG] [app] Ending request: urn:request:96823dd0-d0ce-42ec-9c7a-845f0d709b7f (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:96823dd0-d0ce-42ec-9c7a-845f0d709b7f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:36,937 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:36,937 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.106 1794 0.106) gunicorn-web stdout | 2025-11-04 09:09:36,938 [246] [DEBUG] [app] Ending request: urn:request:a20d81c2-c3ae-4ed5-a29f-953692bd3787 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:a20d81c2-c3ae-4ed5-a29f-953692bd3787', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:36,938 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.102 1794 0.102) gunicorn-web stdout | 2025-11-04 09:09:36,939 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:36 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:36,974 [246] [DEBUG] [app] Starting request: urn:request:8448c6b0-680a-4a09-86bc-883b2fdd3546 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:36,974 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,974 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,975 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:36,985 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:36,985 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:36,985 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,985 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:36,985 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:36,986 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,986 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,986 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,987 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,992 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:36,993 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:36,999 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,003 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,007 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,010 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,013 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247377013, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,019 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247377018, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,023 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,027 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,031 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['64839d2b-ddf6-483e-a320-f8d7b00033ad']) gunicorn-web stdout | 2025-11-04 09:09:37,034 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:37,035 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:37,035 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'} gunicorn-web stdout | 2025-11-04 09:09:37,035 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,036 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090937Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090937Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | b821135978add8238d229386c1e7bf7e813dadc0694765dc2daab408cc136de9 gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | d78a83524ed2194dd14fb3a403cb883d9e814f073350e7d0ccda79bc89c026e2 gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,037 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090937Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=d78a83524ed2194dd14fb3a403cb883d9e814f073350e7d0ccda79bc89c026e2', 'amz-sdk-invocation-id': b'da154f58-32fb-4cf5-a428-7c865663c639', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:37,038 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:37,049 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 HTTP/1.1" 200 1465 gunicorn-web stdout | 2025-11-04 09:09:37,049 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6kv-3h0jvk-b4z', 'x-amz-id-2': 'mhkcl6kv-3h0jvk-b4z', 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:37 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:37,049 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:37,050 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,050 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:37,050 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,050 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,050 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl6kv-3h0jvk-b4z', 'HostId': 'mhkcl6kv-3h0jvk-b4z', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6kv-3h0jvk-b4z', 'x-amz-id-2': 'mhkcl6kv-3h0jvk-b4z', 'etag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:37 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 14, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:37,051 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,055 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 1, 10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,059 [246] [DEBUG] [app] Ending request: urn:request:8448c6b0-680a-4a09-86bc-883b2fdd3546 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:8448c6b0-680a-4a09-86bc-883b2fdd3546', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:37,060 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.087 1794 0.087) gunicorn-web stdout | 2025-11-04 09:09:37,060 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" securityworker stdout | 2025-11-04 09:09:37,253 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:09:37,253 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:51.254713+00:00 (in 14.001373 seconds) securityworker stdout | 2025-11-04 09:09:37,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:07 GMT)" (scheduled at 2025-11-04 09:09:37.252445+00:00) securityworker stdout | 2025-11-04 09:09:37,254 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:09:37,254 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:09:37,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:09:37,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:09:37,268 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stdout | 2025-11-04 09:09:37,268 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:07 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:37,269 [246] [DEBUG] [app] Starting request: urn:request:8c44f5f8-effd-4bdb-8528-e50cd746dec8 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:37,269 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,269 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,270 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,273 [249] [DEBUG] [app] Starting request: urn:request:f1756dae-5633-4634-8b1d-52a0de16a792 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:37,273 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,273 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,274 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,282 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:37,282 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:37,282 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,282 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:37,282 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,282 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,282 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,282 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,283 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,285 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:37,285 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:37,285 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,285 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:37,285 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,285 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,285 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,286 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,287 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,289 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,290 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,292 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,294 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,297 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,300 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,302 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,305 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,306 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,309 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,309 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,312 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,313 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247377312, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,315 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247377315, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,319 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247377318, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,320 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247377320, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,323 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,325 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,328 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,329 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,332 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['c3748d9b-83f1-4f7e-a201-a59de1165e5d']) gunicorn-web stdout | 2025-11-04 09:09:37,332 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['3ba345dd-d3e5-49bf-92a4-9f3634520db3']) gunicorn-web stdout | 2025-11-04 09:09:37,336 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:37,336 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'} gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'} gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,338 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:37,339 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,339 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,339 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090937Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:37,339 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090937Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | c2914d05ad8db3b426633826a352508ec6408b334a1a3506235b8267d62c8365 gunicorn-web stdout | 2025-11-04 09:09:37,339 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | d771eb9fbeb96e2f7289fc2a2aa221c028126f3449f916a1322493b28edc2088 gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,339 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090937Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=d771eb9fbeb96e2f7289fc2a2aa221c028126f3449f916a1322493b28edc2088', 'amz-sdk-invocation-id': b'17ab7922-9987-4fea-846f-9da77df36c26', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:37,340 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:37,340 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,340 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,340 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,340 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,341 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:37,341 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090937Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:37,341 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090937Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 92464acede9377952d623df33a2feb45e8622dc3c79ada6570055b7b9085565a gunicorn-web stdout | 2025-11-04 09:09:37,341 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 417b72852f402a80e840bb1d8368a17dbc030c52cd01d744ed1c36d513889844 gunicorn-web stdout | 2025-11-04 09:09:37,341 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,341 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:37,341 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,341 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090937Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=417b72852f402a80e840bb1d8368a17dbc030c52cd01d744ed1c36d513889844', 'amz-sdk-invocation-id': b'6fd686f1-58ad-48f1-8f19-2ecee97314b5', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:37,342 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:37,342 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:09:37,351 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 HTTP/1.1" 200 1461 gunicorn-web stdout | 2025-11-04 09:09:37,352 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6t9-8gthov-w41', 'x-amz-id-2': 'mhkcl6t9-8gthov-w41', 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1461', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:37 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:37,352 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:37,353 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,353 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:37,353 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,353 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,353 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl6t9-8gthov-w41', 'HostId': 'mhkcl6t9-8gthov-w41', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6t9-8gthov-w41', 'x-amz-id-2': 'mhkcl6t9-8gthov-w41', 'etag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'content-type': 'application/octet-stream', 'content-length': '1461', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:37 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 21, tzinfo=tzutc()), 'ContentLength': 1461, 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:37,354 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,358 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 10, 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,363 [246] [DEBUG] [app] Ending request: urn:request:8c44f5f8-effd-4bdb-8528-e50cd746dec8 (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:8c44f5f8-effd-4bdb-8528-e50cd746dec8', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:37,363 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.096 1794 0.096) gunicorn-web stdout | 2025-11-04 09:09:37,364 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:37,383 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf HTTP/1.1" 200 1478 gunicorn-web stdout | 2025-11-04 09:09:37,384 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6u4-8zgyfr-mwe', 'x-amz-id-2': 'mhkcl6u4-8zgyfr-mwe', 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1478', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:37 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:37,384 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:37,384 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,384 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:37,384 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,384 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,384 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl6u4-8zgyfr-mwe', 'HostId': 'mhkcl6u4-8zgyfr-mwe', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl6u4-8zgyfr-mwe', 'x-amz-id-2': 'mhkcl6u4-8zgyfr-mwe', 'etag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'content-type': 'application/octet-stream', 'content-length': '1478', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:37 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 58, tzinfo=tzutc()), 'ContentLength': 1478, 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:37,386 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,389 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 10, 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,394 [246] [DEBUG] [app] Starting request: urn:request:10169837-a4ae-4dfc-839f-5354afc84494 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:37,394 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,394 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,394 [249] [DEBUG] [app] Ending request: urn:request:f1756dae-5633-4634-8b1d-52a0de16a792 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:f1756dae-5633-4634-8b1d-52a0de16a792', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:37,395 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:37,395 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,395 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.124 1794 0.124) gunicorn-web stdout | 2025-11-04 09:09:37,407 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:37,408 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:37,408 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,408 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:37,408 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,408 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,408 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,408 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,410 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,415 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,416 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,423 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,428 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,431 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,434 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,438 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,442 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,445 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde namespacegcworker stdout | 2025-11-04 09:09:37,447 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:09:37,447 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:07.444700+00:00 (in 29.997357 seconds) namespacegcworker stdout | 2025-11-04 09:09:37,447 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:37 GMT)" (scheduled at 2025-11-04 09:09:37.446883+00:00) namespacegcworker stdout | 2025-11-04 09:09:37,447 [76] [DEBUG] [workers.queueworker] Running watchdog. namespacegcworker stdout | 2025-11-04 09:09:37,447 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:37 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:37,449 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde: {'manifest_hash': 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1676': {'id': '1676', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1712': {'id': '1712', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1720': {'id': '1720', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1724': {'id': '1724', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1726': {'id': '1726', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1736': {'id': '1736', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1692': {'id': '1692', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1738': {'id': '1738', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1750': {'id': '1750', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1770': {'id': '1770', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1776': {'id': '1776', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1778': {'id': '1778', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1796': {'id': '1796', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1832': {'id': '1832', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1642': {'id': '1642', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1690': {'id': '1690', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1746': {'id': '1746', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1762': {'id': '1762', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1804': {'id': '1804', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1704': {'id': '1704', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1752': {'id': '1752', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1802': {'id': '1802', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1838': {'id': '1838', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1654': {'id': '1654', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1658': {'id': '1658', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1742': {'id': '1742', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1754': {'id': '1754', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1764': {'id': '1764', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1766': {'id': '1766', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1684': {'id': '1684', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1756': {'id': '1756', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1800': {'id': '1800', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1814': {'id': '1814', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1730': {'id': '1730', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1660': {'id': '1660', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1668': {'id': '1668', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1694': {'id': '1694', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1722': {'id': '1722', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1728': {'id': '1728', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1782': {'id': '1782', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1648': {'id': '1648', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1662': {'id': '1662', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1664': {'id': '1664', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1700': {'id': '1700', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1748': {'id': '1748', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1790': {'id': '1790', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1794': {'id': '1794', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1830': {'id': '1830', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1696': {'id': '1696', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1744': {'id': '1744', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1780': {'id': '1780', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1812': {'id': '1812', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1644': {'id': '1644', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1646': {'id': '1646', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1680': {'id': '1680', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1688': {'id': '1688', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1702': {'id': '1702', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1708': {'id': '1708', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1718': {'id': '1718', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1806': {'id': '1806', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1716': {'id': '1716', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1768': {'id': '1768', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1808': {'id': '1808', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1824': {'id': '1824', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1840': {'id': '1840', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'ppc64el'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1786': {'id': '1786', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1788': {'id': '1788', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1674': {'id': '1674', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1710': {'id': '1710', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1740': {'id': '1740', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1774': {'id': '1774', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1798': {'id': '1798', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1818': {'id': '1818', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1820': {'id': '1820', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1732': {'id': '1732', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1650': {'id': '1650', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1672': {'id': '1672', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1706': {'id': '1706', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1714': {'id': '1714', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1734': {'id': '1734', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1652': {'id': '1652', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1670': {'id': '1670', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1682': {'id': '1682', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1760': {'id': '1760', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1784': {'id': '1784', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1822': {'id': '1822', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1826': {'id': '1826', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1666': {'id': '1666', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1698': {'id': '1698', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'ppc64el'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1742': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1800': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1672': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1720': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1738': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1830': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1838': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1732': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1646': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1670': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1680': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1690': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1694': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1696': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1778': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1648': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1684': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1698': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1774': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1794': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1802': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1822': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1658': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1700': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1708': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1716': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1756': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1812': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1642': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1662': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1714': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1726': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1730': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1784': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1804': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1818': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1740': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1824': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1840': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1688': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1728': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1752': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1790': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1814': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1668': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1734': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1760': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1796': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1832': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1666': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1744': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1764': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1704': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1710': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1736': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1786': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1798': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1826': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1676': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1682': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1692': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1706': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1724': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1770': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1776': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1674': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1748': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1762': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1780': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1806': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1644': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1660': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1750': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1766': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1782': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1788': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1808': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1702': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1718': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1754': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1820': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1654': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1722': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1746': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1768': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1650': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1652': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1664': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1712': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_ve gunicorn-web stdout | rsion': '0:249.11-0ubuntu3.7'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1 gunicorn-web stdout | .19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubunt gunicorn-web stdout | u3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version gunicorn-web stdout | ': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy' gunicorn-web stdout | , 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_na gunicorn-web stdout | me': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}}, 'package_vulnerabilities': {'1756': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1838': ['2499877'], '1690': ['2499829'], '1668': ['2120044', '1146399'], '1186': ['960164'], '1730': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1820': ['2609409', '2206794', '2005452', '439426'], '1714': ['2121322', '1148428'], '1824': ['2114483'], '1790': ['2837900', '2228805', '2007548', '1266661'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1784': ['2121872', '1148585'], '1754': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1720': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1786': ['2790703', '2259827', '1672454', '1523087'], '1788': ['2428498', '960182'], '1652': ['2815552', '451117'], '1648': ['1516509'], '1762': ['1540355', '983329', '982616'], '1734': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1760': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1814': ['2499870'], '1840': ['1518586'], '1796': ['2790713', '2259833', '1672464', '1523094'], '1766': ['2114475'], '1670': ['2764035', '1506477', '1357966'], '1700': ['2665338', '1988933', '1988914'], '1716': ['2485497'], '1724': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1662': ['2843395'], '1800': ['2499866'], '1822': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1736': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1804': ['1700452'], '1744': ['2837871', '2228777', '2007527', '1266440'], '1764': ['456116'], '1710': ['980564'], '1818': ['2837991', '2228820', '2007560', '1266677'], '1664': ['980539'], '1742': ['2499847'], '1794': ['960172'], '1650': ['2499906'], '1782': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1780': ['980572'], '1694': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1778': ['2499856'], '1702': ['980557'], '1696': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1806': ['2609399', '2206787', '2005450', '439420'], '1746': ['2837880', '2228793', '2007536', '1266500'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1832': ['2790153', '2112903', '1696964'], '1808': ['980580']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:37,466 [246] [DEBUG] [app] Ending request: urn:request:10169837-a4ae-4dfc-839f-5354afc84494 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:10169837-a4ae-4dfc-839f-5354afc84494', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:37,466 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:37,467 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.074 1824 0.074) gunicorn-web stdout | 2025-11-04 09:09:37,698 [246] [DEBUG] [app] Starting request: urn:request:e9d1d6d8-8b70-4fa2-b240-e010071d0bf8 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:37,698 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,698 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,698 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,709 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:37,710 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:37,710 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,710 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:37,710 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,710 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,710 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,710 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,711 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,716 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,717 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,723 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,728 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,730 [249] [DEBUG] [app] Starting request: urn:request:2252111c-5647-4e04-932e-797eb587851b (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:37,730 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,730 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 securityworker stdout | 2025-11-04 09:09:37,729 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:37,731 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,732 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,735 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,738 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247377738, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,742 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:37,742 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:37,742 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,743 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:37,743 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,743 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,743 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,743 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,744 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247377743, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,744 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,747 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,749 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,750 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,751 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,756 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d2b6678e-4d11-4167-b4ca-83ed7b72ea7f']) gunicorn-web stdout | 2025-11-04 09:09:37,756 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,759 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'} gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:37,760 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:37,761 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,761 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,761 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,761 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:37,761 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,761 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,761 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,761 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,761 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,761 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:37,762 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090937Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:37,762 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090937Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | bdc4a4809448ccd15c05695c33b6978156b4da48478ccd0d66904a85c0d9ed15 gunicorn-web stdout | 2025-11-04 09:09:37,762 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | cc2ac3d59520204b8d5f757eb7803fce4f477ebe2303319e1b24da894b5a69e7 gunicorn-web stdout | 2025-11-04 09:09:37,762 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,762 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:37,762 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,762 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090937Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=cc2ac3d59520204b8d5f757eb7803fce4f477ebe2303319e1b24da894b5a69e7', 'amz-sdk-invocation-id': b'67e86511-17b7-4241-a8e6-9295b6f849c1', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:37,762 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:37,765 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,768 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,772 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,774 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 HTTP/1.1" 200 1465 gunicorn-web stdout | 2025-11-04 09:09:37,774 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl74z-fge9ny-111t', 'x-amz-id-2': 'mhkcl74z-fge9ny-111t', 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:37 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:37,774 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:37,775 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:37,775 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:37,775 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,775 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:37,775 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcl74z-fge9ny-111t', 'HostId': 'mhkcl74z-fge9ny-111t', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcl74z-fge9ny-111t', 'x-amz-id-2': 'mhkcl74z-fge9ny-111t', 'etag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:37 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 7, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:37,776 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,776 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,779 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 gunicorn-web stdout | 2025-11-04 09:09:37,780 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 10, 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,786 [246] [DEBUG] [app] Ending request: urn:request:e9d1d6d8-8b70-4fa2-b240-e010071d0bf8 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:e9d1d6d8-8b70-4fa2-b240-e010071d0bf8', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:37,786 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.090 1794 0.090) gunicorn-web stdout | 2025-11-04 09:09:37,786 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:37,783 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284: {'manifest_hash': 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'packages': {'1932': {'id': '1932', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1868': {'id': '1868', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1876': {'id': '1876', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'riscv64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1844': {'id': '1844', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1884': {'id': '1884', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1904': {'id': '1904', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1956': {'id': '1956', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1914': {'id': '1914', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'riscv64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1892': {'id': '1892', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1944': {'id': '1944', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1970': {'id': '1970', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1846': {'id': '1846', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1860': {'id': '1860', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1910': {'id': '1910', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1926': {'id': '1926', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1928': {'id': '1928', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1936': {'id': '1936', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1974': {'id': '1974', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '2014': {'id': '2014', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1902': {'id': '1902', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1930': {'id': '1930', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1948': {'id': '1948', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1952': {'id': '1952', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1966': {'id': '1966', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1866': {'id': '1866', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1886': {'id': '1886', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1894': {'id': '1894', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1896': {'id': '1896', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1898': {'id': '1898', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1906': {'id': '1906', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1912': {'id': '1912', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1856': {'id': '1856', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1946': {'id': '1946', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1954': {'id': '1954', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1964': {'id': '1964', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1982': {'id': '1982', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'riscv64'}, '1998': {'id': '1998', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2020': {'id': '2020', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2026': {'id': '2026', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1934': {'id': '1934', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1942': {'id': '1942', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2002': {'id': '2002', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2004': {'id': '2004', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '2030': {'id': '2030', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2038': {'id': '2038', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1870': {'id': '1870', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1872': {'id': '1872', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1850': {'id': '1850', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1852': {'id': '1852', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1864': {'id': '1864', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1950': {'id': '1950', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1968': {'id': '1968', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1854': {'id': '1854', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1890': {'id': '1890', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1900': {'id': '1900', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1908': {'id': '1908', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1924': {'id': '1924', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'riscv64'}, '1938': {'id': '1938', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1874': {'id': '1874', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1922': {'id': '1922', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1940': {'id': '1940', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1958': {'id': '1958', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1976': {'id': '1976', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1980': {'id': '1980', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1988': {'id': '1988', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1994': {'id': '1994', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1882': {'id': '1882', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1978': {'id': '1978', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1986': {'id': '1986', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}, '2006': {'id': '2006', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2012': {'id': '2012', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'riscv64'}, '2018': {'id': '2018', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1916': {'id': '1916', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1984': {'id': '1984', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2008': {'id': '2008', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2024': {'id': '2024', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2032': {'id': '2032', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '2040': {'id': '2040', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'riscv64'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1878': {'id': '1878', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1918': {'id': '1918', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2000': {'id': '2000', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2022': {'id': '2022', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1862': {'id': '1862', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1920': {'id': '1920', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1962': {'id': '1962', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1990': {'id': '1990', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1848': {'id': '1848', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1996': {'id': '1996', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2008': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1874': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1860': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1900': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1906': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1910': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1934': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2014': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1918': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2006': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1852': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1884': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1898': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1914': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1944': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1974': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1896': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1950': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1976': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1990': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1994': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1996': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2002': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2032': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1868': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1970': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2018': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2022': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1862': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1866': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1872': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1882': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1892': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1902': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1846': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1904': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1912': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1908': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1924': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1926': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1930': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1942': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1916': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1954': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1968': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1986': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1848': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1948': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1980': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1982': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2000': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2026': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1956': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1998': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2004': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1856': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1878': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1938': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1940': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1978': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1988': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1876': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1946': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1958': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1966': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2012': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2020': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1870': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1894': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1952': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2024': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2030': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1850': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1854': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1886': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1890': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1922': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1964': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1984': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1844': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1864': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1920': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1928': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1932': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1936': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1962': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': ' gunicorn-web stdout | ', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following packag gunicorn-web stdout | e versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos gunicorn-web stdout | application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': gunicorn-web stdout | '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the fun gunicorn-web stdout | ctions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofSer gunicorn-web stdout | viceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}}, 'package_vulnerabilities': {'1898': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1852': ['2499906'], '1864': ['2843395'], '2032': ['2790153', '2112903', '1696964'], '1902': ['2665338', '1988933', '1988914'], '1912': ['980564'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1982': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1996': ['2790713', '2259833', '1672464', '1523094'], '1926': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1904': ['980557'], '1956': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1964': ['1540355', '983329', '982616'], '1896': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1850': ['1516509'], '1994': ['960172'], '1938': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2018': ['2837991', '2228820', '2007560', '1266677'], '1922': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1936': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1948': ['2837880', '2228793', '2007536', '1266500'], '1892': ['2499829'], '2004': ['1700452'], '1986': ['2790703', '2259827', '1672454', '1523087'], '2008': ['980580'], '1946': ['2837871', '2228777', '2007527', '1266440'], '1186': ['960164'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1872': ['2764035', '1506477', '1357966'], '1866': ['980539'], '2038': ['2499877'], '1962': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2006': ['2609399', '2206787', '2005450', '439420'], '2000': ['2499866'], '1932': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1978': ['2499856'], '2022': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1958': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2014': ['2499870'], '1988': ['2428498', '960182'], '1984': ['2121872', '1148585'], '1918': ['2485497'], '1916': ['2121322', '1148428'], '1966': ['456116'], '2020': ['2609409', '2206794', '2005452', '439426'], '2024': ['2114483'], '1854': ['2815552', '451117'], '1980': ['980572'], '1990': ['2837900', '2228805', '2007548', '1266661'], '1968': ['2114475'], '1870': ['2120044', '1146399'], '2040': ['1518586'], '1944': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:37,800 [249] [DEBUG] [app] Ending request: urn:request:2252111c-5647-4e04-932e-797eb587851b (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:2252111c-5647-4e04-932e-797eb587851b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:37,800 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:37,801 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.0" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:37 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.1" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.072 1824 0.072) notificationworker stdout | 2025-11-04 09:09:37,920 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:37,966 [249] [DEBUG] [app] Starting request: urn:request:2f3f27a9-e060-4275-9c0b-7f29637457de (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:37,966 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,966 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,967 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,978 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:37,978 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:37,978 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,978 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:37,978 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:37,978 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,978 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,978 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,979 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,985 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:37,986 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:37,991 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,996 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:37,999 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:38,003 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:38,006 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:38,010 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:38,013 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f gunicorn-web stdout | 2025-11-04 09:09:38,017 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f: {'manifest_hash': 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'packages': {'2052': {'id': '2052', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2076': {'id': '2076', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 's390x'}, '2144': {'id': '2144', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2152': {'id': '2152', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2164': {'id': '2164', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2180': {'id': '2180', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2192': {'id': '2192', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '2102': {'id': '2102', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2156': {'id': '2156', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2208': {'id': '2208', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '2162': {'id': '2162', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2170': {'id': '2170', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2210': {'id': '2210', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2214': {'id': '2214', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 's390x'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '2060': {'id': '2060', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2074': {'id': '2074', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2078': {'id': '2078', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2086': {'id': '2086', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2114': {'id': '2114', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 's390x'}, '2120': {'id': '2120', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2202': {'id': '2202', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '2096': {'id': '2096', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2098': {'id': '2098', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2196': {'id': '2196', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '2200': {'id': '2200', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 's390x'}, '2206': {'id': '2206', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2222': {'id': '2222', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2226': {'id': '2226', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2046': {'id': '2046', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 's390x'}, '2068': {'id': '2068', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2094': {'id': '2094', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 's390x'}, '2118': {'id': '2118', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2132': {'id': '2132', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2146': {'id': '2146', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2204': {'id': '2204', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 's390x'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '2104': {'id': '2104', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2158': {'id': '2158', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2172': {'id': '2172', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2228': {'id': '2228', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2232': {'id': '2232', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2048': {'id': '2048', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 's390x'}, '2054': {'id': '2054', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2090': {'id': '2090', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2124': {'id': '2124', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 's390x'}, '2166': {'id': '2166', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 's390x'}, '2176': {'id': '2176', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2188': {'id': '2188', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '2220': {'id': '2220', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '2064': {'id': '2064', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 's390x'}, '2072': {'id': '2072', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2136': {'id': '2136', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2140': {'id': '2140', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2142': {'id': '2142', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2216': {'id': '2216', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2224': {'id': '2224', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2066': {'id': '2066', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2154': {'id': '2154', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 's390x'}, '2092': {'id': '2092', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2110': {'id': '2110', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2126': {'id': '2126', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2138': {'id': '2138', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2240': {'id': '2240', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2134': {'id': '2134', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2044': {'id': '2044', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2082': {'id': '2082', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 's390x'}, '2182': {'id': '2182', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2242': {'id': '2242', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 's390x'}, '2128': {'id': '2128', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2130': {'id': '2130', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '2050': {'id': '2050', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2100': {'id': '2100', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 's390x'}, '2150': {'id': '2150', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2168': {'id': '2168', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '2084': {'id': '2084', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2106': {'id': '2106', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 's390x'}, '2112': {'id': '2112', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2122': {'id': '2122', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2178': {'id': '2178', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2184': {'id': '2184', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 's390x'}, '2198': {'id': '2198', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '2056': {'id': '2056', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2062': {'id': '2062', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2148': {'id': '2148', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2190': {'id': '2190', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 's390x'}, '2234': {'id': '2234', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2070': {'id': '2070', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2108': {'id': '2108', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2116': {'id': '2116', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2186': {'id': '2186', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3. gunicorn-web stdout | 7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability gunicorn-web stdout | has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_na gunicorn-web stdout | me': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - gunicorn-web stdout | 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22 gunicorn-web stdout | .04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'http gunicorn-web stdout | s://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}}, 'package_vulnerabilities': {'2054': ['2815552', '451117'], '2180': ['2499856'], '2156': ['2854564', '2836550', '2485513', '2418382', '1257883'], '2092': ['2499829'], '2064': ['2843395'], '2220': ['2837991', '2228820', '2007560', '1266677'], '2122': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '2072': ['2764035', '1506477', '1357966'], '2242': ['1518586'], '2102': ['2665338', '1988933', '1988914'], '2192': ['2837900', '2228805', '2007548', '1266661'], '2118': ['2485497'], '2136': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '2182': ['980572'], '2198': ['2790713', '2259833', '1672464', '1523094'], '2216': ['2499870'], '2240': ['2499877'], '2132': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1210': ['2837981', '2228814', '2007554', '1266669'], '2224': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '2190': ['2428498', '960182'], '2168': ['2114475'], '2186': ['2121872', '1148585'], '2206': ['1700452'], '2222': ['2609409', '2206794', '2005452', '439426'], '2104': ['980557'], '2138': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2234': ['2790153', '2112903', '1696964'], '2096': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '2226': ['2114483'], '2158': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2164': ['1540355', '983329', '982616'], '2112': ['980564'], '2116': ['2121322', '1148428'], '2210': ['980580'], '2196': ['960172'], '2202': ['2499866'], '2166': ['456116'], '2126': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '2070': ['2120044', '1146399'], '2188': ['2790703', '2259827', '1672454', '1523087'], '1186': ['960164'], '2148': ['2837880', '2228793', '2007536', '1266500'], '2162': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2052': ['2499906'], '2050': ['1516509'], '2066': ['980539'], '2208': ['2609399', '2206787', '2005450', '439420'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '2146': ['2837871', '2228777', '2007527', '1266440'], '2184': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '2098': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '2144': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:38,034 [249] [DEBUG] [app] Ending request: urn:request:2f3f27a9-e060-4275-9c0b-7f29637457de (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:2f3f27a9-e060-4275-9c0b-7f29637457de', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:38,034 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:38 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.070 1824 0.070) gunicorn-web stdout | 2025-11-04 09:09:38,035 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:38 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" notificationworker stdout | 2025-11-04 09:09:39,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:09:39,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:49.156372+00:00 (in 9.999567 seconds) notificationworker stdout | 2025-11-04 09:09:39,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:49 GMT)" (scheduled at 2025-11-04 09:09:39.156372+00:00) notificationworker stdout | 2025-11-04 09:09:39,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:09:39,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 39, 157182), True, datetime.datetime(2025, 11, 4, 9, 9, 39, 157182), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:09:39,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:09:39,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:09:39,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:49 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:39,517 [248] [DEBUG] [app] Starting request: urn:request:0073d3c7-245f-431c-a4a2-564580f7e873 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:09:39,518 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:09:39,522 [257] [DEBUG] [app] Starting request: urn:request:de8164f2-38b0-44b3-805f-17dee24cf5f6 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:09:39,522 [257] [DEBUG] [app] Ending request: urn:request:de8164f2-38b0-44b3-805f-17dee24cf5f6 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:de8164f2-38b0-44b3-805f-17dee24cf5f6', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:09:39,523 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.003 162 0.002) gunicorn-web stdout | 2025-11-04 09:09:39,523 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:39,524 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:09:39,529 [247] [DEBUG] [app] Starting request: urn:request:a52f9c6d-9e12-4201-a0cb-d33fed0d3e16 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:09:39,530 [247] [DEBUG] [app] Ending request: urn:request:a52f9c6d-9e12-4201-a0cb-d33fed0d3e16 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:a52f9c6d-9e12-4201-a0cb-d33fed0d3e16', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:09:39,530 [247] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:09:39,532 [248] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:39,532 [248] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:09:39,532 [248] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:09:39,532 [248] [INFO] [data.database] Connection pooling disabled for postgresql nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:09:39,554 [248] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:09:39,554 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:09:39,576 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:09:39,580 [248] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:09:39,584 [248] [DEBUG] [app] Ending request: urn:request:0073d3c7-245f-431c-a4a2-564580f7e873 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:0073d3c7-245f-431c-a4a2-564580f7e873', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:09:39,584 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:39,585 [248] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:09:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:09:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.068 118 0.068) gunicorn-web stdout | 2025-11-04 09:09:39,587 [249] [DEBUG] [app] Starting request: urn:request:69d44fa9-2c7d-47c1-9963-5ada9546b105 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:09:39,589 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:09:39,591 [264] [DEBUG] [app] Starting request: urn:request:edb56f7f-d576-4568-b453-442e626a32ca (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:09:39,591 [264] [DEBUG] [app] Ending request: urn:request:edb56f7f-d576-4568-b453-442e626a32ca (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:edb56f7f-d576-4568-b453-442e626a32ca', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:09:39,592 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:09:39,593 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:39,594 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:09:39,596 [249] [DEBUG] [app] Starting request: urn:request:87b73c47-a55b-43ad-b9b3-b519bd39799e (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:09:39,596 [249] [DEBUG] [app] Ending request: urn:request:87b73c47-a55b-43ad-b9b3-b519bd39799e (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:87b73c47-a55b-43ad-b9b3-b519bd39799e', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:09:39,597 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:09:39,597 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:39,597 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:09:39,597 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:09:39,598 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:09:39,608 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:09:39,608 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:09:39,621 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:09:39,625 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:09:39,629 [249] [DEBUG] [app] Ending request: urn:request:69d44fa9-2c7d-47c1-9963-5ada9546b105 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:69d44fa9-2c7d-47c1-9963-5ada9546b105', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:09:39,629 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:39,629 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:09:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:09:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.043 118 0.043) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:40 +0000] "GET /repository/quayorg/repo1?tab=tags HTTP/1.1" 200 402 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/organization" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.000 1685 -) autopruneworker stdout | 2025-11-04 09:09:41,054 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:41 +0000] "GET /images/favicon.png HTTP/1.1" 200 15998 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.000 1640 -) gunicorn-web stdout | 2025-11-04 09:09:42,031 [249] [DEBUG] [app] Starting request: urn:request:d0751c12-2302-45e9-881b-1c81bb082011 (/csrf_token) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:42,032 [249] [DEBUG] [app] Ending request: urn:request:d0751c12-2302-45e9-881b-1c81bb082011 (/csrf_token) {'endpoint': 'web.csrf_token', 'request_id': 'urn:request:d0751c12-2302-45e9-881b-1c81bb082011', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/csrf_token', 'path': '/csrf_token', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:42 +0000] "GET /csrf_token HTTP/1.1" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.002 1612 0.002) gunicorn-web stdout | 2025-11-04 09:09:42,032 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:42 +0000] "GET /csrf_token HTTP/1.0" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:42,034 [246] [DEBUG] [app] Starting request: urn:request:b7f65f70-3a91-43ef-820a-276e94924719 (/csrf_token) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:42,035 [246] [DEBUG] [app] Ending request: urn:request:b7f65f70-3a91-43ef-820a-276e94924719 (/csrf_token) {'endpoint': 'web.csrf_token', 'request_id': 'urn:request:b7f65f70-3a91-43ef-820a-276e94924719', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/csrf_token', 'path': '/csrf_token', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:42 +0000] "GET /csrf_token HTTP/1.1" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.002 1612 0.002) gunicorn-web stdout | 2025-11-04 09:09:42,035 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:42 +0000] "GET /csrf_token HTTP/1.0" 200 82 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" manifestsubjectbackfillworker stdout | 2025-11-04 09:09:42,249 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:42,374 [248] [DEBUG] [app] Starting request: urn:request:177a1b34-1def-4a7a-9314-e36a7ce7897c (/api/v1/user/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:42,374 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,374 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,375 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:42,377 [246] [DEBUG] [app] Starting request: urn:request:c8ec7f35-d04c-44f8-88ec-140690c2b6c3 (/config) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:42,378 [246] [DEBUG] [app] Ending request: urn:request:c8ec7f35-d04c-44f8-88ec-140690c2b6c3 (/config) {'endpoint': 'web.config', 'request_id': 'urn:request:c8ec7f35-d04c-44f8-88ec-140690c2b6c3', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/config', 'path': '/config', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:42 +0000] "GET /config HTTP/1.1" 200 4079 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.002 1688 0.002) gunicorn-web stdout | 2025-11-04 09:09:42,379 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:42 +0000] "GET /config HTTP/1.0" 200 4079 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:42,388 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:42,388 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:42,388 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,388 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,388 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,388 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,388 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,389 [248] [DEBUG] [peewee] ('SELECT DISTINCT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" INNER JOIN "team" AS "t2" ON ("t2"."organization_id" = "t1"."id") INNER JOIN "teammember" AS "t3" ON ("t3"."team_id" = "t2"."id") INNER JOIN "user" AS "t4" ON ("t4"."id" = "t3"."user_id") WHERE (("t1"."organization" = %s) AND ("t4"."username" = %s))', [True, 'quay']) gunicorn-web stdout | 2025-11-04 09:09:42,395 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,395 [248] [DEBUG] [peewee] ('SELECT "t1"."service_ident", "t2"."name", "t1"."metadata_json" FROM "federatedlogin" AS "t1" INNER JOIN "loginservice" AS "t2" ON ("t1"."service_id" = "t2"."id") WHERE (("t2"."name" != %s) AND ("t1"."user_id" = %s))', ['quayrobot', 1]) gunicorn-web stdout | 2025-11-04 09:09:42,399 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."kind_id" FROM "userprompt" AS "t1" INNER JOIN "userpromptkind" AS "t2" ON ("t1"."kind_id" = "t2"."id") WHERE ("t1"."user_id" = %s)', [1]) gunicorn-web stdout | 2025-11-04 09:09:42,403 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:42,406 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:09:42,410 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quay', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:42,413 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quay']) gunicorn-web stdout | 2025-11-04 09:09:42,416 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:42,420 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,420 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,421 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:09:42,425 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,425 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,425 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,426 [248] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,426 [248] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,426 [248] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,426 [248] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:09:42,426 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,426 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,426 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,426 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,426 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,427 [248] [DEBUG] [app] Ending request: urn:request:177a1b34-1def-4a7a-9314-e36a7ce7897c (/api/v1/user/) {'endpoint': 'api.user', 'request_id': 'urn:request:177a1b34-1def-4a7a-9314-e36a7ce7897c', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/user/', 'path': '/api/v1/user/', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:42,428 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:42,428 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:42 +0000] "GET /api/v1/user/ HTTP/1.0" 200 1229 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:42 +0000] "GET /api/v1/user/ HTTP/1.1" 200 1229 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1694 0.055) gunicorn-web stdout | 2025-11-04 09:09:42,795 [249] [DEBUG] [app] Starting request: urn:request:a4703e8b-1915-43ae-927e-f4833072ba18 (/api/v1/messages) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:42,796 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,795 [246] [DEBUG] [app] Starting request: urn:request:d7726a49-bddb-4e2b-9032-5a71fa771d4e (/api/v1/user/notifications) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:42,796 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,796 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,796 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,797 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:42,797 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:42,809 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:42,809 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:42,809 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:42,809 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:42,809 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,809 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,809 [246] [DEBUG] [endpoints.api] Checking permission for user quay gunicorn-web stdout | 2025-11-04 09:09:42,809 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:42,809 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,809 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,809 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:42,810 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."content", "t1"."uuid", "t1"."severity", "t1"."media_type_id", "t2"."id", "t2"."name" FROM "messages" AS "t1" INNER JOIN "mediatype" AS "t2" ON ("t1"."media_type_id" = "t2"."id")', []) gunicorn-web stdout | 2025-11-04 09:09:42,811 [246] [DEBUG] [peewee] ('(SELECT "t1"."id", "t1"."uuid", "t1"."kind_id", "t1"."metadata_json", "t1"."dismissed", "t1"."lookup_path", "t1"."created", "t1"."created" AS "cd", "t1"."target_id" FROM "notification" AS "t1" INNER JOIN "notificationkind" AS "t2" ON ("t1"."kind_id" = "t2"."id") WHERE (("t1"."dismissed" = %s) AND ("t1"."target_id" = %s))) UNION (SELECT "t3"."id", "t3"."uuid", "t3"."kind_id", "t3"."metadata_json", "t3"."dismissed", "t3"."lookup_path", "t3"."created", "t3"."created" AS "cd", "t3"."target_id" FROM "notification" AS "t3" INNER JOIN "notificationkind" AS "t4" ON ("t3"."kind_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t5"."id" = "t3"."target_id") INNER JOIN "team" AS "t6" ON ("t5"."id" = "t6"."organization_id") INNER JOIN "teamrole" AS "t7" ON ("t6"."role_id" = "t7"."id") INNER JOIN "teammember" AS "t8" ON ("t6"."id" = "t8"."team_id") INNER JOIN "user" AS "t9" ON ("t8"."user_id" = "t9"."id") WHERE (("t3"."dismissed" = %s) AND (("t9"."id" = %s) AND ("t7"."name" = %s)))) ORDER BY cd desc LIMIT %s', [False, 1, False, 1, 'admin', 6]) gunicorn-web stdout | 2025-11-04 09:09:42,813 [249] [DEBUG] [app] Ending request: urn:request:a4703e8b-1915-43ae-927e-f4833072ba18 (/api/v1/messages) {'endpoint': 'api.globalusermessages', 'request_id': 'urn:request:a4703e8b-1915-43ae-927e-f4833072ba18', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/messages', 'path': '/api/v1/messages', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:42,814 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:42,814 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:42 +0000] "GET /api/v1/messages HTTP/1.0" 200 17 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:42 +0000] "GET /api/v1/messages HTTP/1.1" 200 17 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.020 1697 0.020) gunicorn-web stdout | 2025-11-04 09:09:42,818 [246] [DEBUG] [app] Ending request: urn:request:d7726a49-bddb-4e2b-9032-5a71fa771d4e (/api/v1/user/notifications) {'endpoint': 'api.usernotificationlist', 'request_id': 'urn:request:d7726a49-bddb-4e2b-9032-5a71fa771d4e', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/user/notifications', 'path': '/api/v1/user/notifications', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:42,818 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:42,819 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:42 +0000] "GET /api/v1/user/notifications HTTP/1.0" 200 43 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:42 +0000] "GET /api/v1/user/notifications HTTP/1.1" 200 43 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.025 1707 0.025) pullstatsredisflushworker stdout | 2025-11-04 09:09:42,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:09:42,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:12.952336+00:00 (in 29.999518 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:09:42,953 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:12 GMT)" (scheduled at 2025-11-04 09:09:42.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:09:42,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:09:42,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:09:42,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:12 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:43,552 [249] [DEBUG] [app] Starting request: urn:request:af82ba9c-621c-47e4-89f1-8948b55f3d54 (/api/v1/organization/quayorg) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:43,553 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,553 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,554 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,554 [248] [DEBUG] [app] Starting request: urn:request:6a3c47ac-8395-432f-91a0-90d709ca703d (/api/v1/repository/quayorg/repo1) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:43,554 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,554 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,554 [246] [DEBUG] [app] Starting request: urn:request:c66e25db-9570-46f3-a612-15438bf8e648 (/api/v1/repository/quayorg/repo1/tag/) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:43,555 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,555 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,555 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,556 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,566 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:43,566 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:43,566 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,567 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."organization" = %s) AND ("t1"."username" = %s)) LIMIT %s OFFSET %s', [True, 'quayorg', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,568 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:43,568 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:43,568 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,568 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gcworker stdout | 2025-11-04 09:09:43,567 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:43,569 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:43,569 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,569 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:43,569 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,569 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,569 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:43,569 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,569 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,569 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,569 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,569 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,569 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,571 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:43,571 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:43,572 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,572 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,572 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,572 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,574 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed", "t3"."id", "t3"."name" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t3" ON ("t1"."role_id" = "t3"."id") INNER JOIN "user" AS "t2" ON ("t1"."organization_id" = "t2"."id") INNER JOIN "teammember" AS "t4" ON ("t4"."team_id" = "t1"."id") INNER JOIN "user" AS "t5" ON ("t4"."user_id" = "t5"."id") WHERE (("t5"."id" = %s) AND ("t2"."organization" = %s))', [1, True]) gunicorn-web stdout | 2025-11-04 09:09:43,577 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,577 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,578 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:43,579 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:43,579 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,579 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quayorg', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,579 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='quayorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,580 [249] [DEBUG] [auth.permissions] Organization team added permission: _NamespaceWideNeed(type='organization', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,580 [249] [DEBUG] [auth.permissions] Organization team added repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='superorg', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,580 [249] [DEBUG] [auth.permissions] Team added permission: _TeamTypeNeed(type='orgteam', orgname='superorg', teamname='owners', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,580 [249] [DEBUG] [auth.permissions] Adding superuser to user: quay gunicorn-web stdout | 2025-11-04 09:09:43,580 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."organization_id", "t1"."role_id", "t1"."description" FROM "team" AS "t1" INNER JOIN "teamrole" AS "t2" ON ("t1"."role_id" = "t2"."id") WHERE ("t1"."organization_id" = %s)', [2]) gunicorn-web stdout | 2025-11-04 09:09:43,584 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "repositorypermission" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:09:43,585 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,585 [248] [DEBUG] [endpoints.api.repository] Get repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:43,586 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,588 [249] [DEBUG] [peewee] ('SELECT "t1"."team_id", Count("t1"."id") FROM "teammember" AS "t1" WHERE ("t1"."team_id" IN (%s)) GROUP BY "t1"."team_id"', [1]) gunicorn-web stdout | 2025-11-04 09:09:43,589 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."user_id", "t1"."repository_id", "t1"."created" FROM "star" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."user_id" = %s)) LIMIT %s OFFSET %s', [10, 1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,590 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,590 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,591 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,591 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,591 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,591 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:09:43,593 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."count", "t1"."date" FROM "repositoryactioncount" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."date" >= %s))', [10, datetime.date(2025, 8, 4)]) gunicorn-web stdout | 2025-11-04 09:09:43,593 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,595 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."username" = %s) AND ("t1"."robot" = %s)) LIMIT %s OFFSET %s', ['quayorg', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,596 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,596 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,596 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,597 [248] [DEBUG] [app] Ending request: urn:request:6a3c47ac-8395-432f-91a0-90d709ca703d (/api/v1/repository/quayorg/repo1) {'endpoint': 'api.repository', 'request_id': 'urn:request:6a3c47ac-8395-432f-91a0-90d709ca703d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1?includeStats=true&includeTags=false', 'path': '/api/v1/repository/quayorg/repo1', 'parameters': {'includeStats': 'true', 'includeTags': 'false'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:43,598 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:43,598 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:43 +0000] "GET /api/v1/repository/quayorg/repo1?includeStats=true&includeTags=false HTTP/1.0" 200 3624 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:43 +0000] "GET /api/v1/repository/quayorg/repo1?includeStats=true&includeTags=false HTTP/1.1" 200 3624 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.045 1749 0.045) gunicorn-web stdout | 2025-11-04 09:09:43,598 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."limit_bytes" FROM "userorganizationquota" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_id" = "t2"."id") WHERE ("t2"."username" = %s)', ['quayorg']) gunicorn-web stdout | 2025-11-04 09:09:43,600 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."digest", "t2"."media_type_id", "t2"."layers_compressed_size", "t2"."config_media_type" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE ((("t1"."repository_id" = %s) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) ORDER BY "t1"."lifetime_start_ms" DESC, "t1"."name" LIMIT %s OFFSET %s', [10, None, 1762247383600, False, 101, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,601 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."size_bytes", "t1"."backfill_start_ms", "t1"."backfill_complete" FROM "quotanamespacesize" AS "t1" WHERE ("t1"."namespace_user_id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,605 [249] [DEBUG] [app] Ending request: urn:request:af82ba9c-621c-47e4-89f1-8948b55f3d54 (/api/v1/organization/quayorg) {'endpoint': 'api.organization', 'request_id': 'urn:request:af82ba9c-621c-47e4-89f1-8948b55f3d54', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/organization/quayorg', 'path': '/api/v1/organization/quayorg', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:43,605 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:43,606 [246] [DEBUG] [app] Ending request: urn:request:c66e25db-9570-46f3-a612-15438bf8e648 (/api/v1/repository/quayorg/repo1/tag/) {'endpoint': 'api.listrepositorytags', 'request_id': 'urn:request:c66e25db-9570-46f3-a612-15438bf8e648', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true', 'path': '/api/v1/repository/quayorg/repo1/tag/', 'parameters': {'limit': '100', 'page': '1', 'onlyActiveTags': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:43,606 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:43 +0000] "GET /api/v1/organization/quayorg HTTP/1.0" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:43 +0000] "GET /api/v1/organization/quayorg HTTP/1.1" 200 807 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.055 1709 0.054) gunicorn-web stdout | 2025-11-04 09:09:43,606 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:43,606 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:43 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.0" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:43 +0000] "GET /api/v1/repository/quayorg/repo1/tag/?limit=100&page=1&onlyActiveTags=true HTTP/1.1" 200 294 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.053 1755 0.053) gunicorn-web stdout | 2025-11-04 09:09:43,957 [246] [DEBUG] [app] Starting request: urn:request:5562aba5-92db-4b35-b034-acf19f76360b (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:43,957 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,957 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,958 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,970 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:43,970 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:43,970 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,970 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:43,970 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:43,970 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,971 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,971 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,972 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:43,978 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:43,979 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:43,986 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,991 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,994 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:43,997 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,001 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', None, 1762247384001, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,006 [246] [DEBUG] [app] Ending request: urn:request:5562aba5-92db-4b35-b034-acf19f76360b (/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:5562aba5-92db-4b35-b034-acf19f76360b', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', 'parameters': {'include_modelcard': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:44,007 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:44,007 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.0" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac?include_modelcard=true HTTP/1.1" 200 1764 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.051 1817 0.051) proxycacheblobworker stdout | 2025-11-04 09:09:44,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:09:44,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:54.140529+00:00 (in 9.999526 seconds) proxycacheblobworker stdout | 2025-11-04 09:09:44,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:54 GMT)" (scheduled at 2025-11-04 09:09:44.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:09:44,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:09:44,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 44, 141365), True, datetime.datetime(2025, 11, 4, 9, 9, 44, 141365), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:09:44,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:09:44,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:09:44,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:54 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:44,362 [248] [DEBUG] [app] Starting request: urn:request:b7d2ed7c-07f3-4b9c-a1e8-bf131c3fe581 (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:44,363 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,363 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,363 [246] [DEBUG] [app] Starting request: urn:request:358b7474-9502-41c1-ba4e-14e2ac67f6d0 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:44,363 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,363 [249] [DEBUG] [app] Starting request: urn:request:0084e8b7-afb7-4dfd-9dc8-dc7097083721 (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:44,363 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,363 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,363 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,363 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,364 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,364 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,365 [247] [DEBUG] [app] Starting request: urn:request:004fa511-cc40-4868-a90c-ef1dac002736 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:44,365 [247] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,365 [247] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,366 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,375 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:44,375 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:44,375 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,375 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:44,375 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,376 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,376 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,376 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,376 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:44,376 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:44,376 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,376 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:44,377 [247] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:44,377 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:44,377 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,377 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,377 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:44,377 [247] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:44,377 [247] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,377 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,377 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,377 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:44,377 [247] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:44,377 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,377 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,377 [247] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,377 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,377 [247] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,377 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,377 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,377 [247] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,377 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,377 [247] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,379 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,379 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,379 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,382 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,383 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,384 [247] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,384 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,385 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,385 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,385 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,387 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,388 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,391 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,393 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,394 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,394 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,395 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,397 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,398 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,399 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,399 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,401 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,401 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,402 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,403 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,404 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,405 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,406 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,406 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,408 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247384408, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,409 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,410 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,410 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,412 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 gunicorn-web stdout | 2025-11-04 09:09:44,413 [247] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 gunicorn-web stdout | 2025-11-04 09:09:44,414 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,414 [248] [DEBUG] [app] Starting request: urn:request:23d414a9-f958-4b44-bff8-6bdcfaebd65d (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:44,414 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,414 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', None, 1762247384413, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,414 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,415 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,417 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 gunicorn-web stdout | 2025-11-04 09:09:44,419 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [42, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,423 [249] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,417 [247] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284: {'manifest_hash': 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'packages': {'1932': {'id': '1932', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1868': {'id': '1868', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1876': {'id': '1876', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'riscv64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1844': {'id': '1844', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1884': {'id': '1884', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'riscv64'}, '1904': {'id': '1904', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1956': {'id': '1956', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1914': {'id': '1914', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'riscv64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1892': {'id': '1892', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1944': {'id': '1944', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1970': {'id': '1970', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1846': {'id': '1846', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1860': {'id': '1860', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1910': {'id': '1910', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1926': {'id': '1926', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1928': {'id': '1928', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1936': {'id': '1936', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1974': {'id': '1974', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '2014': {'id': '2014', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1902': {'id': '1902', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1930': {'id': '1930', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1948': {'id': '1948', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1952': {'id': '1952', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1966': {'id': '1966', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1866': {'id': '1866', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1886': {'id': '1886', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1894': {'id': '1894', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1896': {'id': '1896', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1898': {'id': '1898', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1906': {'id': '1906', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1912': {'id': '1912', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1856': {'id': '1856', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1946': {'id': '1946', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1954': {'id': '1954', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1964': {'id': '1964', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1982': {'id': '1982', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'riscv64'}, '1998': {'id': '1998', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2020': {'id': '2020', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2026': {'id': '2026', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1934': {'id': '1934', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1942': {'id': '1942', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2002': {'id': '2002', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '2004': {'id': '2004', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'riscv64'}, '2030': {'id': '2030', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2038': {'id': '2038', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1870': {'id': '1870', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1872': {'id': '1872', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1850': {'id': '1850', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1852': {'id': '1852', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1864': {'id': '1864', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'riscv64'}, '1950': {'id': '1950', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1968': {'id': '1968', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1854': {'id': '1854', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1890': {'id': '1890', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1900': {'id': '1900', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'riscv64'}, '1908': {'id': '1908', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1924': {'id': '1924', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'riscv64'}, '1938': {'id': '1938', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1874': {'id': '1874', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1922': {'id': '1922', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1940': {'id': '1940', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'riscv64'}, '1958': {'id': '1958', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1976': {'id': '1976', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1980': {'id': '1980', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1988': {'id': '1988', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1994': {'id': '1994', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1882': {'id': '1882', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'riscv64'}, '1978': {'id': '1978', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '1986': {'id': '1986', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}, '2006': {'id': '2006', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2012': {'id': '2012', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'riscv64'}, '2018': {'id': '2018', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1916': {'id': '1916', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1984': {'id': '1984', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2008': {'id': '2008', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '2024': {'id': '2024', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '2032': {'id': '2032', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'riscv64'}, '2040': {'id': '2040', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'riscv64'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1878': {'id': '1878', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1918': {'id': '1918', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2000': {'id': '2000', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'riscv64'}, '2022': {'id': '2022', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1862': {'id': '1862', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1920': {'id': '1920', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'riscv64'}, '1962': {'id': '1962', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'riscv64'}, '1990': {'id': '1990', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'riscv64'}, '1848': {'id': '1848', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'riscv64'}, '1996': {'id': '1996', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'riscv64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2008': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1874': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1860': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1900': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1906': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1910': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1934': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2014': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1918': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2006': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1852': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1884': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1898': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1914': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1944': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1974': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1896': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1950': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1976': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1990': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1994': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1996': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2002': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2032': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1868': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1970': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2018': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2022': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1862': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1866': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1872': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1882': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1892': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1902': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1846': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1904': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1912': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1908': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1924': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1926': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1930': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1942': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1916': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1954': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1968': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1986': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1848': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1948': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1980': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1982': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2000': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2026': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1956': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1998': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2004': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1856': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1878': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1938': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1940': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1978': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1988': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1876': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1946': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1958': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1966': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2012': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2020': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1870': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1894': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1952': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2024': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2030': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '2040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1850': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1854': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1886': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1890': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1922': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1964': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1984': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1844': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1864': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1920': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1928': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1932': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1936': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}], '1962': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': ' gunicorn-web stdout | ', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following packag gunicorn-web stdout | e versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos gunicorn-web stdout | application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': gunicorn-web stdout | '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the fun gunicorn-web stdout | 2025-11-04 09:09:44,426 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | ctions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instruct gunicorn-web stdout | ions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}}, 'package_vulnerabilities': {'1898': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1852': ['2499906'], '1864': ['2843395'], '2032': ['2790153', '2112903', '1696964'], '1902': ['2665338', '1988933', '1988914'], '1912': ['980564'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1982': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1996': ['2790713', '2259833', '1672464', '1523094'], '1926': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1904': ['980557'], '1956': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1964': ['1540355', '983329', '982616'], '1896': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1850': ['1516509'], '1994': ['960172'], '1938': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2018': ['2837991', '2228820', '2007560', '1266677'], '1922': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1936': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1948': ['2837880', '2228793', '2007536', '1266500'], '1892': ['2499829'], '2004': ['1700452'], '1986': ['2790703', '2259827', '1672454', '1523087'], '2008': ['980580'], '1946': ['2837871', '2228777', '2007527', '1266440'], '1186': ['960164'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1872': ['2764035', '1506477', '1357966'], '1866': ['980539'], '2038': ['2499877'], '1962': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2006': ['2609399', '2206787', '2005450', '439420'], '2000': ['2499866'], '1932': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1978': ['2499856'], '2022': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1958': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2014': ['2499870'], '1988': ['2428498', '960182'], '1984': ['2121872', '1148585'], '1918': ['2485497'], '1916': ['2121322', '1148428'], '1966': ['456116'], '2020': ['2609409', '2206794', '2005452', '439426'], '2024': ['2114483'], '1854': ['2815552', '451117'], '1980': ['980572'], '1990': ['2837900', '2228805', '2007548', '1266661'], '1968': ['2114475'], '1870': ['2120044', '1146399'], '2040': ['1518586'], '1944': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:44,427 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:44,427 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['ef9abce7-c4cd-4ded-b01d-2c5ccca4b9ee']) gunicorn-web stdout | 2025-11-04 09:09:44,421 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13: {'manifest_hash': 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'packages': {'1254': {'id': '1254', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1256': {'id': '1256', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1266': {'id': '1266', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1240': {'id': '1240', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'armhf'}, '1400': {'id': '1400', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1436': {'id': '1436', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'armhf'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1344': {'id': '1344', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1386': {'id': '1386', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1422': {'id': '1422', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1312': {'id': '1312', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1322': {'id': '1322', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1326': {'id': '1326', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1366': {'id': '1366', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1434': {'id': '1434', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1270': {'id': '1270', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'armhf'}, '1278': {'id': '1278', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1294': {'id': '1294', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'armhf'}, '1380': {'id': '1380', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1402': {'id': '1402', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1416': {'id': '1416', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1420': {'id': '1420', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1330': {'id': '1330', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1238': {'id': '1238', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'armhf'}, '1246': {'id': '1246', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1356': {'id': '1356', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1358': {'id': '1358', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1374': {'id': '1374', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1414': {'id': '1414', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1328': {'id': '1328', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1350': {'id': '1350', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1410': {'id': '1410', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1418': {'id': '1418', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1426': {'id': '1426', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1244': {'id': '1244', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1258': {'id': '1258', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'armhf'}, '1260': {'id': '1260', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', gunicorn-web stdout | 'kind': 'source'}, 'arch': 'armhf'}, '1264': {'id': '1264', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1302': {'id': '1302', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1318': {'id': '1318', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'armhf'}, '1336': {'id': '1336', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1340': {'id': '1340', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1250': {'id': '1250', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'armhf'}, '1268': {'id': '1268', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1296': {'id': '1296', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1320': {'id': '1320', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1364': {'id': '1364', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1370': {'id': '1370', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'armhf'}, '1390': {'id': '1390', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1396': {'id': '1396', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1276': {'id': '1276', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1308': {'id': '1308', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'armhf'}, '1314': {'id': '1314', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1398': {'id': '1398', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'armhf'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1248': {'id': '1248', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1280': {'id': '1280', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1290': {'id': '1290', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1378': {'id': '1378', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'armhf'}, '1384': {'id': '1384', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'armhf'}, '1392': {'id': '1392', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1292': {'id': '1292', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1310': {'id': '1310', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1324': {'id': '1324', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'armhf'}, '1332': {'id': '1332', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'armhf'}, '1338': {'id': '1338', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1382': {'id': '1382', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'armhf'}, '1404': {'id': '1404', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1262': {'id': '1262', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1284': {'id': '1284', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'armhf'}, '1334': {'id': '1334', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1342': {'id': '1342', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'armhf'}, '1348': {'id': '1348', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'armhf'}, '1394': {'id': '1394', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'armhf'}, '1408': {'id': '1408', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'armhf'}, '1298': {'id': '1298', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1304': {'id': '1304', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1242': {'id': '1242', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'armhf'}, '1286': {'id': '1286', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'armhf'}, '1288': {'id': '1288', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'armhf'}, '1362': {'id': '1362', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1272': {'id': '1272', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1306': {'id': '1306', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1316': {'id': '1316', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1360': {'id': '1360', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'armhf'}, '1376': {'id': '1376', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'armhf'}, '1428': {'id': '1428', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'armhf'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1300': {'id': '1300', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'armhf'}, '1346': {'id': '1346', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'armhf'}, '1352': {'id': '1352', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'armhf'}, '1372': {'id': '1372', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'armhf'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1382': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1384': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1262': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1300': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1420': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1436': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1266': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1256': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1260': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1380': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1386': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1328': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1334': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1398': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1404': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1418': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1390': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1408': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1422': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1244': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1272': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1318': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1340': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1360': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1416': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1248': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1310': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1344': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1358': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1370': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1402': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1280': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1308': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1316': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1324': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1348': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1396': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1434': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1306': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1362': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1378': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1428': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1292': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1302': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1350': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1410': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1426': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1320': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1326': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1246': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1276': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1304': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1238': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1268': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1286': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1314': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1330': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1332': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1336': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1338': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1250': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1284': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1288': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1322': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1342': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1392': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1400': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1258': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1294': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1346': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1352': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1374': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1394': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1414': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1254': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1264': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1270': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1296': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1312': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1364': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1366': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1376': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1278': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1290': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1298': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1356': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}], '1372': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 gunicorn-web stdout | 2025-11-04 09:09:44,428 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-202 gunicorn-web stdout | 2025-11-04 09:09:44,429 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4 gunicorn-web stdout | \nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022- gunicorn-web stdout | 2025-11-04 09:09:44,429 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity gunicorn-web stdout | ': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications worki gunicorn-web stdout | 2025-11-04 09:09:44,430 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | ng with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}}, 'package_vulnerabilities': {'1296': ['2665338', '1988933', '1988914'], '1378': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1380': ['2121872', '1148585'], '1418': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1266': ['2764035', '1506477', '1357966'], '1428': ['2790153', '2112903', '1696964'], '1392': ['2790713', '2259833', '1672464', '1523094'], '1356': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1244': ['1516509'], '1436': ['1518586'], '1260': ['980539'], '1416': ['2609409', '2206794', '2005452', '439426'], '1292': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1358': ['1540355', '983329', '982616'], '1312': ['2485497'], '1384': ['2428498', '960182'], '1402': ['2609399', '2206787', '2005450', '439420'], '1400': ['1700452'], '1248': ['2815552', '451117'], '1386': ['2837900', '2228805', '2007548', '1266661'], '1376': ['980572'], '1420': ['2114483'], '1396': ['2499866'], '1362': ['2114475'], '1298': ['980557'], '1316': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1374': ['2499856'], '1404': ['980580'], '1246': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1414': ['2837991', '2228820', '2007560', '1266677'], '1350': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1434': ['2499877'], '1330': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1382': ['2790703', '2259827', '1672454', '1523087'], '1290': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1264': ['2120044', '1146399'], '1186': ['960164'], '1390': ['960172'], '1310': ['2121322', '1148428'], '1258': ['2843395'], '1306': ['980564'], '1342': ['2837880', '2228793', '2007536', '1266500'], '1286': ['2499829'], '1320': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1360': ['456116'], '1326': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1410': ['2499870'], '1332': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1338': ['2499847'], '1352': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1340': ['2837871', '2228777', '2007527', '1266440']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:44,430 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,430 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,431 [249] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'} gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,432 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:44,432 [249] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:44,433 [249] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090944Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:44,434 [249] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090944Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 58fb0573e6990e47c306b41648c6d596056094ffb2cfd1468fb08789aae7d9cf gunicorn-web stdout | 2025-11-04 09:09:44,434 [249] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 764d2b58e42d3827a03bdef4c14b270277933a2ab7951f37091f5d0523220adf gunicorn-web stdout | 2025-11-04 09:09:44,434 [249] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,434 [249] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:44,434 [249] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,434 [249] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090944Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=764d2b58e42d3827a03bdef4c14b270277933a2ab7951f37091f5d0523220adf', 'amz-sdk-invocation-id': b'4174198a-d7bf-41d3-a4a5-aa3d0ded4d2b', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:44,434 [249] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:44,434 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:09:44,437 [247] [DEBUG] [app] Ending request: urn:request:004fa511-cc40-4868-a90c-ef1dac002736 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:004fa511-cc40-4868-a90c-ef1dac002736', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:44,437 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:44,438 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,439 [247] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.0" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:44,439 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,439 [246] [DEBUG] [app] Ending request: urn:request:358b7474-9502-41c1-ba4e-14e2ac67f6d0 (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:358b7474-9502-41c1-ba4e-14e2ac67f6d0', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:44,440 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:44,441 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284/security?vulnerabilities=true HTTP/1.1" 200 379910 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.075 1824 0.075) nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.079 1824 0.080) gunicorn-web stdout | 2025-11-04 09:09:44,446 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,451 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,455 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,459 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,462 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247384462, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,468 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', None, 1762247384467, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,472 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [43, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,476 [248] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,478 [249] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/27/27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee HTTP/1.1" 200 1463 gunicorn-web stdout | 2025-11-04 09:09:44,478 [249] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkclcb7-ak2fdx-zvs', 'x-amz-id-2': 'mhkclcb7-ak2fdx-zvs', 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1463', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:44 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:44,478 [249] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:44,479 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,479 [249] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:44,479 [249] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,479 [249] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,479 [249] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkclcb7-ak2fdx-zvs', 'HostId': 'mhkclcb7-ak2fdx-zvs', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkclcb7-ak2fdx-zvs', 'x-amz-id-2': 'mhkclcb7-ak2fdx-zvs', 'etag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:46 GMT', 'content-type': 'application/octet-stream', 'content-length': '1463', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:44 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 46, tzinfo=tzutc()), 'ContentLength': 1463, 'ETag': '"04d5b4ee558a00b301c2244da04596d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:44,480 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['f575e9f5-0cf3-43f0-8b1b-0f1457f07e69']) gunicorn-web stdout | 2025-11-04 09:09:44,480 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,484 [248] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:44,484 [249] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 1, 10, 'sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,485 [248] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'} gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:44,486 [248] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:44,487 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,487 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,487 [248] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,487 [248] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:44,487 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,487 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,487 [248] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,487 [248] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,488 [248] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:44,488 [248] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090944Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:44,488 [248] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090944Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 2eb2bd699ffa5432b022f64feecdee08245563814a2cfa774bfe87ba855d7819 gunicorn-web stdout | 2025-11-04 09:09:44,488 [248] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 965ee553c22bd2294fa69ac71a49f0261bf4f1842d1489a6a57d8e4d27a453c7 gunicorn-web stdout | 2025-11-04 09:09:44,488 [248] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,488 [248] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:44,488 [248] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,489 [248] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090944Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=965ee553c22bd2294fa69ac71a49f0261bf4f1842d1489a6a57d8e4d27a453c7', 'amz-sdk-invocation-id': b'4ac76a5e-ca58-4dd5-a1e5-81f0ee8356f1', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:44,489 [249] [DEBUG] [app] Ending request: urn:request:0084e8b7-afb7-4dfd-9dc8-dc7097083721 (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:0084e8b7-afb7-4dfd-9dc8-dc7097083721', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:44,489 [248] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:44,489 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:44,490 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.128 1794 0.128) gunicorn-web stdout | 2025-11-04 09:09:44,494 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19: {'manifest_hash': 'sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19', 'packages': {'1208': {'id': '1208', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1212': {'id': '1212', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1048': {'id': '1048', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1092': {'id': '1092', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'amd64'}, '1146': {'id': '1146', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'amd64'}, '1182': {'id': '1182', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'amd64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1058': {'id': '1058', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1066': {'id': '1066', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1102': {'id': '1102', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1138': {'id': '1138', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1156': {'id': '1156', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1192': {'id': '1192', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'amd64'}, '1206': {'id': '1206', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'amd64'}, '1078': {'id': '1078', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1098': {'id': '1098', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'amd64'}, '1110': {'id': '1110', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1142': {'id': '1142', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1160': {'id': '1160', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1168': {'id': '1168', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1180': {'id': '1180', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1088': {'id': '1088', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1090': {'id': '1090', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1108': {'id': '1108', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1116': {'id': '1116', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'amd64'}, '1128': {'id': '1128', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1154': {'id': '1154', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1178': {'id': '1178', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1198': {'id': '1198', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'amd64'}, '1038': {'id': '1038', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'amd64'}, '1118': {'id': '1118', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1124': {'id': '1124', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1134': {'id': '1134', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1144': {'id': '1144', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1164': {'id': '1164', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1216': {'id': '1216', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1064': {'id': '1064', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1084': {'id': '1084', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1120': {'id': '1120', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'amd64'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1234': {'id': '1234', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'amd64'}, '1060': {'id': '1060', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1218': {'id': '1218', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1224': {'id': '1224', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1094': {'id': '1094', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1122': {'id': '1122', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1086': {'id': '1086', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'amd64'}, '1042': {'id': '1042', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1056': {'id': '1056', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'amd64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1074': {'id': '1074', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1150': {'id': '1150', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1200': {'id': '1200', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1202': {'id': '1202', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1052': {'id': '1052', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1082': {'id': '1082', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1096': {'id': '1096', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1100': {'id': '1100', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1196': {'id': '1196', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'amd64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1070': {'id': '1070', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1104': {'id': '1104', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1172': {'id': '1172', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1174': {'id': '1174', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1184': {'id': '1184', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1190': {'id': '1190', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'amd64'}, '1226': {'id': '1226', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'amd64'}, '1232': {'id': '1232', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1112': {'id': '1112', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1114': {'id': '1114', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1136': {'id': '1136', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1158': {'id': '1158', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'amd64'}, '1214': {'id': '1214', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1046': {'id': '1046', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1062': {'id': '1062', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'amd64'}, '1106': {'id': '1106', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'amd64'}, '1162': {'id': '1162', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1036': {'id': '1036', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1054': {'id': '1054', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1076': {'id': '1076', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'amd64'}, '1130': {'id': '1130', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'amd64'}, '1148': {'id': '1148', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1220': {'id': '1220', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'amd64'}, '1044': {'id': '1044', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1140': {'id': '1140', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'amd64'}, '1170': {'id': '1170', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'amd64'}, '1176': {'id': '1176', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'amd64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1040': {'id': '1040', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'amd64'}, '1068': {'id': '1068', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'amd64'}, '1126': {'id': '1126', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}, '1132': {'id': '1132', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'amd64'}, '1188': {'id': '1188', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'amd64'}, '1194': {'id': '1194', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'amd64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1212': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1040': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1174': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1058': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1038': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1042': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1036': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1160': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1218': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1194': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1088': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}], '1170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:405f018f9d1d0f351c196b841a7c7f226fb8ea448acd6339a9ed8741600275a2', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - gunicorn-web stdout | 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, gunicorn-web stdout | 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', ' gunicorn-web stdout | description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', gunicorn-web stdout | 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by t gunicorn-web stdout | hese local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - ne gunicorn-web stdout | gligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}}, 'package_vulnerabilities': {'1190': ['2790713', '2259833', '1672464', '1523094'], '1056': ['2843395'], '1062': ['2120044', '1146399'], '1216': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1234': ['1518586'], '1186': ['960164'], '1184': ['2837900', '2228805', '2007548', '1266661'], '1174': ['980572'], '1130': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1044': ['2499906'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1182': ['2428498', '960182'], '1180': ['2790703', '2259827', '1672454', '1523087'], '1090': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1118': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1140': ['2837880', '2228793', '2007536', '1266500'], '1110': ['2485497'], '1208': ['2499870'], '1156': ['1540355', '983329', '982616'], '1154': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1232': ['2499877'], '1226': ['2790153', '2112903', '1696964'], '1202': ['980580'], '1198': ['1700452'], '1046': ['2815552', '451117'], '1058': ['980539'], '1128': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1108': ['2121322', '1148428'], '1124': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1104': ['980564'], '1158': ['456116'], '1194': ['2499866'], '1218': ['2114483'], '1172': ['2499856'], '1064': ['2764035', '1506477', '1357966'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1160': ['2114475'], '1042': ['1516509'], '1114': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1136': ['2499847'], '1176': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1148': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1200': ['2609399', '2206787', '2005450', '439420'], '1188': ['960172'], '1178': ['2121872', '1148585'], '1096': ['980557'], '1214': ['2609409', '2206794', '2005452', '439426'], '1088': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1094': ['2665338', '1988933', '1988914'], '1212': ['2837991', '2228820', '2007560', '1266677'], '1138': ['2837871', '2228777', '2007527', '1266440'], '1084': ['2499829'], '1150': ['2854573', '2836745', '2485520', '2418389', '1257888']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:44,514 [248] [DEBUG] [app] Ending request: urn:request:b7d2ed7c-07f3-4b9c-a1e8-bf131c3fe581 (/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:b7d2ed7c-07f3-4b9c-a1e8-bf131c3fe581', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:44,515 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:44,516 [248] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:09:44,517 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:bace9fb0d5923a675c894d5c815da75ffe35e24970166a48a4460a48ae6e0d19/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.155 1824 0.155) gunicorn-web stdout | 2025-11-04 09:09:44,554 [248] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b7/b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51 HTTP/1.1" 200 1476 gunicorn-web stdout | 2025-11-04 09:09:44,555 [248] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkclcdb-btm2wj-12iq', 'x-amz-id-2': 'mhkclcdb-btm2wj-12iq', 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1476', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:44 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:44,555 [248] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:44,556 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,556 [248] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:44,556 [248] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,556 [248] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,556 [248] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkclcdb-btm2wj-12iq', 'HostId': 'mhkclcdb-btm2wj-12iq', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkclcdb-btm2wj-12iq', 'x-amz-id-2': 'mhkclcdb-btm2wj-12iq', 'etag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:52 GMT', 'content-type': 'application/octet-stream', 'content-length': '1476', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:44 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 52, tzinfo=tzutc()), 'ContentLength': 1476, 'ETag': '"1094804d74cbb2322536db2e1d9fd6c7-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:44,558 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,562 [248] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b7071f5bf0dfdce3f7923cecdc188f026ef6938c448ffe052f5dac2b79bb0d51', 1, 10, 'sha256:5aeb313108e16ff98084efb2ae2830cbe915ea38b3e2fd1e32688dd9d8c11320', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,566 [248] [DEBUG] [app] Ending request: urn:request:23d414a9-f958-4b44-bff8-6bdcfaebd65d (/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:23d414a9-f958-4b44-bff8-6bdcfaebd65d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:44,566 [248] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.203 1794 0.203) gunicorn-web stdout | 2025-11-04 09:09:44,567 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:02ef83b72fb2fb709c356d0669a433555bcc5d07e31dc0016d036f1ca201bf13 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:44,827 [246] [DEBUG] [app] Starting request: urn:request:1e035bcc-a68f-4ecc-9092-fa537ddb3593 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:44,827 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,827 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,828 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,839 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:44,839 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:44,839 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,839 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:44,839 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,839 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,839 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,839 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,840 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,845 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,846 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,853 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,858 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,861 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,864 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,868 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247384867, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,872 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', None, 1762247384872, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,876 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,880 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,884 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['3ba345dd-d3e5-49bf-92a4-9f3634520db3']) gunicorn-web stdout | 2025-11-04 09:09:44,888 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'} gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:44,889 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090944Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090944Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 16e9661c835f31e5a41e1da2ba256dc1860b82abd831af5e3a93c720d2e664a8 gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 671c87914df19d6ea0a18048881c166acf10ffec95d1bb29b187b148467cbf7d gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:44,890 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,891 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090944Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=671c87914df19d6ea0a18048881c166acf10ffec95d1bb29b187b148467cbf7d', 'amz-sdk-invocation-id': b'b1790f4e-a0e1-4e6c-af80-d1be00828a5a', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:44,891 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:44,891 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: s3.openshift-storage.svc.cluster.local gunicorn-web stdout | 2025-11-04 09:09:44,914 [249] [DEBUG] [app] Starting request: urn:request:91bf8e55-c35f-44e1-bf05-0473ade03f98 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:44,915 [249] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,915 [249] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,916 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,928 [249] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:44,928 [249] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:44,928 [249] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,928 [249] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:44,929 [249] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:44,929 [249] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,929 [249] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,929 [249] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,931 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,933 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/a7/a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf HTTP/1.1" 200 1478 gunicorn-web stdout | 2025-11-04 09:09:44,933 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkclcnu-1jcuiz-ofy', 'x-amz-id-2': 'mhkclcnu-1jcuiz-ofy', 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1478', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:44 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:44,934 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:44,934 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:44,934 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:44,934 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,934 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:44,934 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkclcnu-1jcuiz-ofy', 'HostId': 'mhkclcnu-1jcuiz-ofy', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkclcnu-1jcuiz-ofy', 'x-amz-id-2': 'mhkclcnu-1jcuiz-ofy', 'etag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'last-modified': 'Tue, 04 Nov 2025 08:28:58 GMT', 'content-type': 'application/octet-stream', 'content-length': '1478', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:44 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 28, 58, tzinfo=tzutc()), 'ContentLength': 1478, 'ETag': '"003b8975620cedcb15aa1dd8acd370a1-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:44,936 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,936 [249] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:44,938 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,939 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:a7870fd478f437287beee208fe5579ce43b03fae2821d39f77b350f7da51b1bf', 1, 10, 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 1]) gunicorn-web stdout | 2025-11-04 09:09:44,944 [246] [DEBUG] [app] Ending request: urn:request:1e035bcc-a68f-4ecc-9092-fa537ddb3593 (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:1e035bcc-a68f-4ecc-9092-fa537ddb3593', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:44,944 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,944 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.119 1794 0.119) gunicorn-web stdout | 2025-11-04 09:09:44,945 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:44,950 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,954 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,957 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,961 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,965 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:44,968 [249] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde gunicorn-web stdout | 2025-11-04 09:09:44,972 [249] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde: {'manifest_hash': 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1676': {'id': '1676', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1712': {'id': '1712', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1720': {'id': '1720', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1724': {'id': '1724', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1726': {'id': '1726', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1736': {'id': '1736', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1692': {'id': '1692', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1738': {'id': '1738', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1750': {'id': '1750', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1770': {'id': '1770', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1776': {'id': '1776', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1778': {'id': '1778', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1796': {'id': '1796', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1832': {'id': '1832', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1642': {'id': '1642', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1690': {'id': '1690', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1746': {'id': '1746', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1762': {'id': '1762', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1804': {'id': '1804', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1704': {'id': '1704', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1752': {'id': '1752', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1802': {'id': '1802', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1838': {'id': '1838', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1654': {'id': '1654', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1658': {'id': '1658', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1742': {'id': '1742', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1754': {'id': '1754', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1764': {'id': '1764', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1766': {'id': '1766', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1684': {'id': '1684', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1756': {'id': '1756', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1800': {'id': '1800', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1814': {'id': '1814', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1730': {'id': '1730', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1660': {'id': '1660', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1668': {'id': '1668', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1694': {'id': '1694', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1722': {'id': '1722', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1728': {'id': '1728', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1782': {'id': '1782', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1648': {'id': '1648', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1662': {'id': '1662', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1664': {'id': '1664', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1700': {'id': '1700', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1748': {'id': '1748', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1790': {'id': '1790', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1794': {'id': '1794', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1830': {'id': '1830', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1696': {'id': '1696', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1744': {'id': '1744', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1780': {'id': '1780', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1812': {'id': '1812', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1644': {'id': '1644', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1646': {'id': '1646', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1680': {'id': '1680', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1688': {'id': '1688', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1702': {'id': '1702', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1708': {'id': '1708', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1718': {'id': '1718', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1806': {'id': '1806', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1716': {'id': '1716', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1768': {'id': '1768', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1808': {'id': '1808', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1824': {'id': '1824', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1840': {'id': '1840', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'ppc64el'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1786': {'id': '1786', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1788': {'id': '1788', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1674': {'id': '1674', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'ppc64el'}, '1710': {'id': '1710', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1740': {'id': '1740', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1774': {'id': '1774', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1798': {'id': '1798', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1818': {'id': '1818', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1820': {'id': '1820', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1732': {'id': '1732', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1650': {'id': '1650', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1672': {'id': '1672', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1706': {'id': '1706', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1714': {'id': '1714', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1734': {'id': '1734', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1652': {'id': '1652', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1670': {'id': '1670', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1682': {'id': '1682', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'ppc64el'}, '1760': {'id': '1760', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1784': {'id': '1784', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1822': {'id': '1822', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'ppc64el'}, '1826': {'id': '1826', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'ppc64el'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1666': {'id': '1666', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'ppc64el'}, '1698': {'id': '1698', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'ppc64el'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1742': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1800': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1672': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1720': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1738': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1830': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1838': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1732': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1646': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1670': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1680': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1690': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1694': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1696': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1778': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1648': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1684': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1698': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1774': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1794': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1802': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1822': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1658': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1700': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1708': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1716': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1756': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1812': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1642': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1662': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1714': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1726': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1730': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1784': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1804': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1818': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1740': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1824': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1840': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1688': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1728': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1752': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1790': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1814': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1668': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1734': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1760': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1796': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1832': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1666': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1744': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1764': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1704': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1710': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1736': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1786': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1798': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1826': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1676': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1682': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1692': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1706': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1724': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1770': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1776': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1674': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1748': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1762': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1780': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1806': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1644': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1660': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1750': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1766': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1782': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1788': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1808': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1702': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1718': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1754': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1820': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1654': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1722': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1746': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1768': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1650': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1652': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1664': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}], '1712': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_ve gunicorn-web stdout | rsion': '0:249.11-0ubuntu3.7'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1 gunicorn-web stdout | .19.2-2ubuntu0.6'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubunt gunicorn-web stdout | u3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version gunicorn-web stdout | ': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy' gunicorn-web stdout | , 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_na gunicorn-web stdout | me': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}}, 'package_vulnerabilities': {'1756': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1838': ['2499877'], '1690': ['2499829'], '1668': ['2120044', '1146399'], '1186': ['960164'], '1730': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1820': ['2609409', '2206794', '2005452', '439426'], '1714': ['2121322', '1148428'], '1824': ['2114483'], '1790': ['2837900', '2228805', '2007548', '1266661'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1784': ['2121872', '1148585'], '1754': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1720': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1786': ['2790703', '2259827', '1672454', '1523087'], '1788': ['2428498', '960182'], '1652': ['2815552', '451117'], '1648': ['1516509'], '1762': ['1540355', '983329', '982616'], '1734': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1760': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1814': ['2499870'], '1840': ['1518586'], '1796': ['2790713', '2259833', '1672464', '1523094'], '1766': ['2114475'], '1670': ['2764035', '1506477', '1357966'], '1700': ['2665338', '1988933', '1988914'], '1716': ['2485497'], '1724': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1662': ['2843395'], '1800': ['2499866'], '1822': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1736': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1804': ['1700452'], '1744': ['2837871', '2228777', '2007527', '1266440'], '1764': ['456116'], '1710': ['980564'], '1818': ['2837991', '2228820', '2007560', '1266677'], '1664': ['980539'], '1742': ['2499847'], '1794': ['960172'], '1650': ['2499906'], '1782': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1780': ['980572'], '1694': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1778': ['2499856'], '1702': ['980557'], '1696': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1806': ['2609399', '2206787', '2005450', '439420'], '1746': ['2837880', '2228793', '2007536', '1266500'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1832': ['2790153', '2112903', '1696964'], '1808': ['980580']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:44,988 [249] [DEBUG] [app] Ending request: urn:request:91bf8e55-c35f-44e1-bf05-0473ade03f98 (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:91bf8e55-c35f-44e1-bf05-0473ade03f98', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:44,989 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.077 1824 0.077) gunicorn-web stdout | 2025-11-04 09:09:44,991 [249] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:44 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:45,113 [248] [DEBUG] [app] Starting request: urn:request:9c371c80-136c-4584-b02f-f2fcbfcaf45d (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:45,113 [248] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,113 [248] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,113 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,126 [248] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:45,126 [248] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:45,126 [248] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,127 [248] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:45,127 [248] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,127 [248] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,127 [248] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,127 [248] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,129 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:45,134 [248] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,135 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:45,142 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,148 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,151 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,155 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,159 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,163 [248] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [44, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,166 [248] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8 gunicorn-web stdout | 2025-11-04 09:09:45,170 [248] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8: {'manifest_hash': 'sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8', 'packages': {'1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '1464': {'id': '1464', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1502': {'id': '1502', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 'arm64'}, '1522': {'id': '1522', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1550': {'id': '1550', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 'arm64'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '1448': {'id': '1448', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1474': {'id': '1474', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1544': {'id': '1544', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1600': {'id': '1600', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1616': {'id': '1616', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1628': {'id': '1628', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1636': {'id': '1636', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1452': {'id': '1452', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1480': {'id': '1480', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1504': {'id': '1504', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1554': {'id': '1554', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '1508': {'id': '1508', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1548': {'id': '1548', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1566': {'id': '1566', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1568': {'id': '1568', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1578': {'id': '1578', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1620': {'id': '1620', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '1494': {'id': '1494', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1542': {'id': '1542', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1558': {'id': '1558', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1576': {'id': '1576', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1624': {'id': '1624', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}, '1450': {'id': '1450', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1478': {'id': '1478', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 'arm64'}, '1574': {'id': '1574', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1604': {'id': '1604', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1456': {'id': '1456', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1492': {'id': '1492', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1498': {'id': '1498', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1516': {'id': '1516', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1532': {'id': '1532', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1540': {'id': '1540', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1598': {'id': '1598', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1560': {'id': '1560', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1584': {'id': '1584', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1586': {'id': '1586', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 'arm64'}, '1606': {'id': '1606', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1610': {'id': '1610', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 'arm64'}, '1612': {'id': '1612', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1638': {'id': '1638', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 'arm64'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1440': {'id': '1440', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 'arm64'}, '1490': {'id': '1490', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 'arm64'}, '1546': {'id': '1546', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1572': {'id': '1572', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1580': {'id': '1580', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 'arm64'}, '1458': {'id': '1458', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1514': {'id': '1514', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1528': {'id': '1528', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1530': {'id': '1530', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1564': {'id': '1564', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1520': {'id': '1520', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 'arm64'}, '1524': {'id': '1524', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 'arm64'}, '1596': {'id': '1596', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 'arm64'}, '1618': {'id': '1618', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1622': {'id': '1622', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1466': {'id': '1466', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1470': {'id': '1470', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1486': {'id': '1486', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1500': {'id': '1500', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1630': {'id': '1630', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 'arm64'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '1446': {'id': '1446', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1482': {'id': '1482', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 'arm64'}, '1488': {'id': '1488', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 'arm64'}, '1496': {'id': '1496', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 'arm64'}, '1534': {'id': '1534', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 'arm64'}, '1536': {'id': '1536', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 'arm64'}, '1538': {'id': '1538', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '1444': {'id': '1444', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 'arm64'}, '1460': {'id': '1460', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 'arm64'}, '1462': {'id': '1462', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1510': {'id': '1510', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 'arm64'}, '1552': {'id': '1552', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}, '1562': {'id': '1562', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 'arm64'}, '1582': {'id': '1582', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1442': {'id': '1442', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 'arm64'}, '1472': {'id': '1472', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 'arm64'}, '1526': {'id': '1526', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1588': {'id': '1588', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'arm64'}, '1602': {'id': '1602', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 'arm64'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '1506': {'id': '1506', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1512': {'id': '1512', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1518': {'id': '1518', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 'arm64'}, '1592': {'id': '1592', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'arm64'}, '1594': {'id': '1594', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 'arm64'}, '1468': {'id': '1468', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 'arm64'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'1628': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1462': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1480': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1490': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1540': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1546': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1528': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1550': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1552': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1588': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1486': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1494': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1510': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1512': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1522': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1524': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1560': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1574': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1536': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1538': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1572': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1496': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1504': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1508': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1530': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1584': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1600': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1612': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1466': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1482': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1548': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1620': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1624': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1636': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1464': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1452': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1516': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1554': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1566': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1568': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1468': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1500': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1506': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1564': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1594': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1596': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1598': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1444': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1502': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1602': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1604': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1616': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1446': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1498': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1526': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1544': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1592': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1630': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1440': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1456': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1474': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1520': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1542': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1578': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1448': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1450': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1582': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1622': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1458': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1492': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1532': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1534': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1586': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1470': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1472': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1488': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1514': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1558': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1562': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1638': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1460': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1478': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1576': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1606': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1610': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1618': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1442': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1518': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}], '1580': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:ed02c6ade914c2962413c1ad2ccc86ed8d1512098f2c87fe7bafa8e1b5293185', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; i gunicorn-web stdout | t does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '980539': {'id': '980539', 'updater': 'ubuntu gunicorn-web stdout | /updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 htt gunicorn-web stdout | p://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix gunicorn-web stdout | the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued' gunicorn-web stdout | : '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. On gunicorn-web stdout | e ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}}, 'package_vulnerabilities': {'1518': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '1616': ['2837991', '2228820', '2007560', '1266677'], '1560': ['1540355', '983329', '982616'], '1638': ['1518586'], '1552': ['2854564', '2836550', '2485513', '2418382', '1257883'], '1492': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '1554': ['2854573', '2836745', '2485520', '2418389', '1257888'], '1542': ['2837871', '2228777', '2007527', '1266440'], '1592': ['960172'], '1636': ['2499877'], '1186': ['960164'], '1630': ['2790153', '2112903', '1696964'], '1494': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '1564': ['2114475'], '1528': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1522': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '1558': ['2854594', '2836780', '2485534', '2418401', '1257896'], '1534': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '1586': ['2428498', '960182'], '1210': ['2837981', '2228814', '2007554', '1266669'], '1594': ['2790713', '2259833', '1672464', '1523094'], '1588': ['2837900', '2228805', '2007548', '1266661'], '1580': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '1488': ['2499829'], '1620': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '1468': ['2764035', '1506477', '1357966'], '1460': ['2843395'], '1582': ['2121872', '1148585'], '1584': ['2790703', '2259827', '1672454', '1523087'], '1598': ['2499866'], '1532': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '1562': ['456116'], '1576': ['2499856'], '1604': ['2609399', '2206787', '2005450', '439420'], '1498': ['2665338', '1988933', '1988914'], '1612': ['2499870'], '1514': ['2485497'], '1540': ['2499847'], '1512': ['2121322', '1148428'], '1622': ['2114483'], '1578': ['980572'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '1450': ['2815552', '451117'], '1606': ['980580'], '1448': ['2499906'], '1544': ['2837880', '2228793', '2007536', '1266500'], '1618': ['2609409', '2206794', '2005452', '439426'], '1466': ['2120044', '1146399'], '1446': ['1516509'], '1508': ['980564'], '1602': ['1700452'], '1500': ['980557'], '1462': ['980539']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:45,186 [248] [DEBUG] [app] Ending request: urn:request:9c371c80-136c-4584-b02f-f2fcbfcaf45d (/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:9c371c80-136c-4584-b02f-f2fcbfcaf45d', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:45,187 [248] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:45,188 [248] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:45 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:45 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:0f744430d9643a0ec647a4addcac14b1fbb11424be434165c15e2cc7269f70f8/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.077 1824 0.077) gunicorn-web stdout | 2025-11-04 09:09:45,278 [246] [DEBUG] [app] Starting request: urn:request:267f59b8-508c-4d40-974b-f72e97823bfb (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:45,279 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,279 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,279 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,291 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:45,292 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:45,292 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,292 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:45,292 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,292 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,292 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,292 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,293 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:45,298 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,299 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:45,305 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,310 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,314 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,317 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,320 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247385320, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,325 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', None, 1762247385325, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,329 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [45, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,333 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,337 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['d2b6678e-4d11-4167-b4ca-83ed7b72ea7f']) gunicorn-web stdout | 2025-11-04 09:09:45,340 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:45,341 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:45,341 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'} gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,342 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090945Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090945Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 694b83a9ba0eca8f9d923259532dabb3fcab6a1eb2b940f356aec0ed2a54c577 gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 2dc595a173e8eb22862b9b01642a438e9abe60f409c70e1c462d17610c64c4be gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,343 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090945Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2dc595a173e8eb22862b9b01642a438e9abe60f409c70e1c462d17610c64c4be', 'amz-sdk-invocation-id': b'8964b0a6-9639-4860-93d7-f37d0e104a36', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:45,344 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:45,356 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/b4/b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7 HTTP/1.1" 200 1465 gunicorn-web stdout | 2025-11-04 09:09:45,356 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkclczl-8jap4y-138z', 'x-amz-id-2': 'mhkclczl-8jap4y-138z', 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:45 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:45,356 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:45,357 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,357 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:45,357 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,357 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,357 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkclczl-8jap4y-138z', 'HostId': 'mhkclczl-8jap4y-138z', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkclczl-8jap4y-138z', 'x-amz-id-2': 'mhkclczl-8jap4y-138z', 'etag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:07 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:45 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 7, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"1045fcf6e69e6bbbc5212a085f367c7f-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:45,358 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,362 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:b4cdd8bc1823c9d9e3d01c14d9812b2b75b97a1a0a54b552e6919b9c158937a7', 1, 10, 'sha256:b851cfa9fcbcb74629241502e21ebbae255fe40a2f26949573f278672b65c308', 1]) gunicorn-web stdout | 2025-11-04 09:09:45,367 [246] [DEBUG] [app] Ending request: urn:request:267f59b8-508c-4d40-974b-f72e97823bfb (/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:267f59b8-508c-4d40-974b-f72e97823bfb', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:45,367 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:45,368 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:45 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:45 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:37897c7c32dfc8f0b7de513548b48dd967186f3aec144a6d031ab7943ef1abde HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.091 1794 0.091) gunicorn-web stdout | 2025-11-04 09:09:45,701 [246] [DEBUG] [app] Starting request: urn:request:ceb2a57e-591c-44e0-a832-9fd2ee93c6f7 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:45,702 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,702 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,702 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,713 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:45,714 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:45,714 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,714 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:45,714 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:45,714 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,714 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,714 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,715 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:45,720 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:45,722 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:45,727 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,732 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,735 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,739 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,742 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247385742, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,747 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', None, 1762247385747, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,752 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [46, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,756 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,760 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['64839d2b-ddf6-483e-a320-f8d7b00033ad']) gunicorn-web stdout | 2025-11-04 09:09:45,763 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:45,764 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:45,764 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'} gunicorn-web stdout | 2025-11-04 09:09:45,764 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,764 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,764 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,764 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,764 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,765 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,766 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:45,766 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090945Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:45,766 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090945Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | 319f088ba7f51b75a3fc2a922d662b318a2958ca9401cb7dbd0218d0665d4af8 gunicorn-web stdout | 2025-11-04 09:09:45,766 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 2b3b31c7390df2d9875688b0d21af3ccfcd5fd527511cc9a76277738a77fb7ca gunicorn-web stdout | 2025-11-04 09:09:45,766 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,766 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:45,766 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,766 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090945Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=2b3b31c7390df2d9875688b0d21af3ccfcd5fd527511cc9a76277738a77fb7ca', 'amz-sdk-invocation-id': b'779cd164-a6fe-4e4c-bc09-cb04ee78319e', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:45,766 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:45,778 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/22/2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5 HTTP/1.1" 200 1465 gunicorn-web stdout | 2025-11-04 09:09:45,778 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcldbb-fiuud6-1aqt', 'x-amz-id-2': 'mhkcldbb-fiuud6-1aqt', 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1465', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:45 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:45,778 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:45,779 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:45,779 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:45,779 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,779 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:45,779 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcldbb-fiuud6-1aqt', 'HostId': 'mhkcldbb-fiuud6-1aqt', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcldbb-fiuud6-1aqt', 'x-amz-id-2': 'mhkcldbb-fiuud6-1aqt', 'etag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:14 GMT', 'content-type': 'application/octet-stream', 'content-length': '1465', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:45 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 14, tzinfo=tzutc()), 'ContentLength': 1465, 'ETag': '"e4998ff9d159e33a9146d9a837cf94d9-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:45,781 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:45,784 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:1edfbf9ed16b67ab57bd93f6b8aa57ec157383c958bd3e39e94cdac02ca1db32', 1, 10, 'sha256:2273476648864d307dd4f4a482b9b8886b3bd29228b3496fa8bdd1e24f5825a5', 1]) gunicorn-web stdout | 2025-11-04 09:09:45,789 [246] [DEBUG] [app] Ending request: urn:request:ceb2a57e-591c-44e0-a832-9fd2ee93c6f7 (/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:ceb2a57e-591c-44e0-a832-9fd2ee93c6f7', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:45,789 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:45 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.089 1794 0.089) gunicorn-web stdout | 2025-11-04 09:09:45,790 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:45 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:30b98fdf87f8f8fa733c15f1ffb8bb931ae63fed4b203987162910682ad51284 HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:46,122 [246] [DEBUG] [app] Starting request: urn:request:1c9153d0-ac64-45a8-b7ff-ec3b6bfc0c8a (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:46,123 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,123 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,123 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) autopruneworker stdout | 2025-11-04 09:09:46,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:09:46,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:16.130127+00:00 (in 29.999576 seconds) autopruneworker stdout | 2025-11-04 09:09:46,130 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:16 GMT)" (scheduled at 2025-11-04 09:09:46.130127+00:00) gunicorn-web stdout | 2025-11-04 09:09:46,136 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:46,136 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:46,136 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,136 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:46,137 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,137 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,137 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,137 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,138 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) autopruneworker stdout | 2025-11-04 09:09:46,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243786137, None, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,144 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') autopruneworker stdout | 2025-11-04 09:09:46,144 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:09:46,145 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:09:46,145 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:46,145 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:46,152 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,157 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,160 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,167 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,170 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,174 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."manifest_id", "t1"."repository_id", "t1"."index_status", "t1"."error_json", "t1"."last_indexed", "t1"."indexer_hash", "t1"."indexer_version", "t1"."metadata_json" FROM "manifestsecuritystatus" AS "t1" WHERE ("t1"."manifest_id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,177 [246] [DEBUG] [data.cache.impl] Checking cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f gunicorn-web stdout | 2025-11-04 09:09:46,181 [246] [DEBUG] [data.cache.impl] Found result in cache for key security_report__sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f: {'manifest_hash': 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'packages': {'2052': {'id': '2052', 'name': 'bsdutils', 'version': '1:2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2076': {'id': '2076', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'binary', 'source': {'id': '1067', 'name': 'gzip', 'version': '1.10-4ubuntu4', 'kind': 'source'}, 'arch': 's390x'}, '2144': {'id': '2144', 'name': 'libmount1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2152': {'id': '2152', 'name': 'libnsl2', 'version': '1.3.0-2build2', 'kind': 'binary', 'source': {'id': '1143', 'name': 'libnsl', 'version': '1.3.0-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2164': {'id': '2164', 'name': 'libpcre2-8-0', 'version': '10.39-3build1', 'kind': 'binary', 'source': {'id': '1155', 'name': 'pcre2', 'version': '10.39-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2180': {'id': '2180', 'name': 'libsmartcols1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2192': {'id': '2192', 'name': 'libtinfo6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1050': {'id': '1050', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'binary', 'source': {'id': '1049', 'name': 'debconf', 'version': '1.5.79ubuntu1', 'kind': 'source'}, 'arch': 'all'}, '2102': {'id': '2102', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'binary', 'source': {'id': '1093', 'name': 'libcap2', 'version': '1:2.44-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2156': {'id': '2156', 'name': 'libpam-modules', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2208': {'id': '2208', 'name': 'login', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1152': {'id': '1152', 'name': 'libpam-runtime', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '2162': {'id': '2162', 'name': 'libpam0g', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2170': {'id': '2170', 'name': 'libseccomp2', 'version': '2.5.3-2ubuntu2', 'kind': 'binary', 'source': {'id': '1161', 'name': 'libseccomp', 'version': '2.5.3-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2210': {'id': '2210', 'name': 'logsave', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2214': {'id': '2214', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'binary', 'source': {'id': '1205', 'name': 'mawk', 'version': '1.3.4.20200120-3', 'kind': 'source'}, 'arch': 's390x'}, '1228': {'id': '1228', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'binary', 'source': {'id': '1227', 'name': 'ubuntu-keyring', 'version': '2021.03.26', 'kind': 'source'}, 'arch': 'all'}, '2060': {'id': '2060', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'binary', 'source': {'id': '1051', 'name': 'debianutils', 'version': '5.5-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2074': {'id': '2074', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'binary', 'source': {'id': '1065', 'name': 'grep', 'version': '3.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2078': {'id': '2078', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'binary', 'source': {'id': '1069', 'name': 'hostname', 'version': '3.23ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2086': {'id': '2086', 'name': 'libattr1', 'version': '1:2.5.1-1build1', 'kind': 'binary', 'source': {'id': '1077', 'name': 'attr', 'version': '1:2.5.1-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2114': {'id': '2114', 'name': 'libffi8', 'version': '3.4.2-4', 'kind': 'binary', 'source': {'id': '1105', 'name': 'libffi', 'version': '3.4.2-4', 'kind': 'source'}, 'arch': 's390x'}, '2120': {'id': '2120', 'name': 'libgmp10', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'binary', 'source': {'id': '1111', 'name': 'gmp', 'version': '2:6.2.1+dfsg-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2202': {'id': '2202', 'name': 'libuuid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '1204': {'id': '1204', 'name': 'lsb-base', 'version': '11.1.0ubuntu4', 'kind': 'binary', 'source': {'id': '1203', 'name': 'lsb', 'version': '11.1.0ubuntu4', 'kind': 'source'}, 'arch': 'all'}, '2096': {'id': '2096', 'name': 'libc-bin', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2098': {'id': '2098', 'name': 'libc6', 'version': '2.35-0ubuntu3', 'kind': 'binary', 'source': {'id': '1087', 'name': 'glibc', 'version': '2.35-0ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2196': {'id': '2196', 'name': 'libtirpc3', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '2200': {'id': '2200', 'name': 'libunistring2', 'version': '1.0-1', 'kind': 'binary', 'source': {'id': '1191', 'name': 'libunistring', 'version': '1.0-1', 'kind': 'source'}, 'arch': 's390x'}, '2206': {'id': '2206', 'name': 'libzstd1', 'version': '1.4.8+dfsg-3build1', 'kind': 'binary', 'source': {'id': '1197', 'name': 'libzstd', 'version': '1.4.8+dfsg-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2222': {'id': '2222', 'name': 'passwd', 'version': '1:4.8.1-2ubuntu2', 'kind': 'binary', 'source': {'id': '1199', 'name': 'shadow', 'version': '1:4.8.1-2ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2226': {'id': '2226', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2046': {'id': '2046', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'binary', 'source': {'id': '1037', 'name': 'base-files', 'version': '12ubuntu4.1', 'kind': 'source'}, 'arch': 's390x'}, '2068': {'id': '2068', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'binary', 'source': {'id': '1059', 'name': 'findutils', 'version': '4.8.0-1ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2094': {'id': '2094', 'name': 'libbz2-1.0', 'version': '1.0.8-5build1', 'kind': 'binary', 'source': {'id': '1085', 'name': 'bzip2', 'version': '1.0.8-5build1', 'kind': 'source'}, 'arch': 's390x'}, '2118': {'id': '2118', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'binary', 'source': {'id': '1109', 'name': 'libgcrypt20', 'version': '1.9.4-3ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2132': {'id': '2132', 'name': 'libk5crypto3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2146': {'id': '2146', 'name': 'libncurses6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2204': {'id': '2204', 'name': 'libxxhash0', 'version': '0.8.1-1', 'kind': 'binary', 'source': {'id': '1195', 'name': 'xxhash', 'version': '0.8.1-1', 'kind': 'source'}, 'arch': 's390x'}, '1222': {'id': '1222', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'binary', 'source': {'id': '1221', 'name': 'sensible-utils', 'version': '0.0.17', 'kind': 'source'}, 'arch': 'all'}, '2104': {'id': '2104', 'name': 'libcom-err2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2158': {'id': '2158', 'name': 'libpam-modules-bin', 'version': '1.4.0-11ubuntu2', 'kind': 'binary', 'source': {'id': '1147', 'name': 'pam', 'version': '1.4.0-11ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2172': {'id': '2172', 'name': 'libselinux1', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1163', 'name': 'libselinux', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2228': {'id': '2228', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'binary', 'source': {'id': '1219', 'name': 'sed', 'version': '4.8-1ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2232': {'id': '2232', 'name': 'sysvinit-utils', 'version': '3.01-1ubuntu1', 'kind': 'binary', 'source': {'id': '1223', 'name': 'sysvinit', 'version': '3.01-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2048': {'id': '2048', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'binary', 'source': {'id': '1039', 'name': 'base-passwd', 'version': '3.5.52build1', 'kind': 'source'}, 'arch': 's390x'}, '2054': {'id': '2054', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'binary', 'source': {'id': '1045', 'name': 'coreutils', 'version': '8.32-4.1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2090': {'id': '2090', 'name': 'libaudit1', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2124': {'id': '2124', 'name': 'libgpg-error0', 'version': '1.43-3', 'kind': 'binary', 'source': {'id': '1115', 'name': 'libgpg-error', 'version': '1.43-3', 'kind': 'source'}, 'arch': 's390x'}, '2166': {'id': '2166', 'name': 'libpcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'binary', 'source': {'id': '1157', 'name': 'pcre3', 'version': '2:8.39-13ubuntu0.22.04.1', 'kind': 'source'}, 'arch': 's390x'}, '2176': {'id': '2176', 'name': 'libsemanage2', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2188': {'id': '2188', 'name': 'libsystemd0', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '2220': {'id': '2220', 'name': 'ncurses-bin', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '1080': {'id': '1080', 'name': 'libaudit-common', 'version': '1:3.0.7-1build1', 'kind': 'binary', 'source': {'id': '1079', 'name': 'audit', 'version': '1:3.0.7-1build1', 'kind': 'source'}, 'arch': 'all'}, '2064': {'id': '2064', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'binary', 'source': {'id': '1055', 'name': 'dpkg', 'version': '1.21.1ubuntu2.1', 'kind': 'source'}, 'arch': 's390x'}, '2072': {'id': '2072', 'name': 'gpgv', 'version': '2.2.27-3ubuntu2', 'kind': 'binary', 'source': {'id': '1063', 'name': 'gnupg2', 'version': '2.2.27-3ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2136': {'id': '2136', 'name': 'libkrb5-3', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2140': {'id': '2140', 'name': 'liblz4-1', 'version': '1.9.3-2build2', 'kind': 'binary', 'source': {'id': '1131', 'name': 'lz4', 'version': '1.9.3-2build2', 'kind': 'source'}, 'arch': 's390x'}, '2142': {'id': '2142', 'name': 'liblzma5', 'version': '5.2.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1133', 'name': 'xz-utils', 'version': '5.2.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2216': {'id': '2216', 'name': 'mount', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2224': {'id': '2224', 'name': 'perl-base', 'version': '5.34.0-3ubuntu1', 'kind': 'binary', 'source': {'id': '1215', 'name': 'perl', 'version': '5.34.0-3ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2066': {'id': '2066', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2154': {'id': '2154', 'name': 'libp11-kit0', 'version': '0.24.0-6build1', 'kind': 'binary', 'source': {'id': '1145', 'name': 'p11-kit', 'version': '0.24.0-6build1', 'kind': 'source'}, 'arch': 's390x'}, '2092': {'id': '2092', 'name': 'libblkid1', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2110': {'id': '2110', 'name': 'libdebconfclient0', 'version': '0.261ubuntu1', 'kind': 'binary', 'source': {'id': '1101', 'name': 'cdebconf', 'version': '0.261ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2126': {'id': '2126', 'name': 'libgssapi-krb5-2', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2138': {'id': '2138', 'name': 'libkrb5support0', 'version': '1.19.2-2', 'kind': 'binary', 'source': {'id': '1117', 'name': 'krb5', 'version': '1.19.2-2', 'kind': 'source'}, 'arch': 's390x'}, '2240': {'id': '2240', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'binary', 'source': {'id': '1043', 'name': 'util-linux', 'version': '2.37.2-4ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2134': {'id': '2134', 'name': 'libkeyutils1', 'version': '1.6.1-2ubuntu3', 'kind': 'binary', 'source': {'id': '1125', 'name': 'keyutils', 'version': '1.6.1-2ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2044': {'id': '2044', 'name': 'apt', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2082': {'id': '2082', 'name': 'libacl1', 'version': '2.3.1-1', 'kind': 'binary', 'source': {'id': '1073', 'name': 'acl', 'version': '2.3.1-1', 'kind': 'source'}, 'arch': 's390x'}, '2182': {'id': '2182', 'name': 'libss2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2242': {'id': '2242', 'name': 'zlib1g', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'binary', 'source': {'id': '1233', 'name': 'zlib', 'version': '1:1.2.11.dfsg-2ubuntu9', 'kind': 'source'}, 'arch': 's390x'}, '2128': {'id': '2128', 'name': 'libhogweed6', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2130': {'id': '2130', 'name': 'libidn2-0', 'version': '2.3.2-2build1', 'kind': 'binary', 'source': {'id': '1121', 'name': 'libidn2', 'version': '2.3.2-2build1', 'kind': 'source'}, 'arch': 's390x'}, '1034': {'id': '1034', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'binary', 'source': {'id': '1033', 'name': 'adduser', 'version': '3.118ubuntu5', 'kind': 'source'}, 'arch': 'all'}, '1072': {'id': '1072', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'binary', 'source': {'id': '1071', 'name': 'init-system-helpers', 'version': '1.62', 'kind': 'source'}, 'arch': 'all'}, '2050': {'id': '2050', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'binary', 'source': {'id': '1041', 'name': 'bash', 'version': '5.1-6ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2100': {'id': '2100', 'name': 'libcap-ng0', 'version': '0.7.9-2.2build3', 'kind': 'binary', 'source': {'id': '1091', 'name': 'libcap-ng', 'version': '0.7.9-2.2build3', 'kind': 'source'}, 'arch': 's390x'}, '2150': {'id': '2150', 'name': 'libnettle8', 'version': '3.7.3-1build2', 'kind': 'binary', 'source': {'id': '1119', 'name': 'nettle', 'version': '3.7.3-1build2', 'kind': 'source'}, 'arch': 's390x'}, '2168': {'id': '2168', 'name': 'libprocps8', 'version': '2:3.3.17-6ubuntu2', 'kind': 'binary', 'source': {'id': '1159', 'name': 'procps', 'version': '2:3.3.17-6ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '1210': {'id': '1210', 'name': 'ncurses-base', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 'all'}, '2084': {'id': '2084', 'name': 'libapt-pkg6.0', 'version': '2.4.5', 'kind': 'binary', 'source': {'id': '1035', 'name': 'apt', 'version': '2.4.5', 'kind': 'source'}, 'arch': 's390x'}, '2106': {'id': '2106', 'name': 'libcrypt1', 'version': '1:4.4.27-1', 'kind': 'binary', 'source': {'id': '1097', 'name': 'libxcrypt', 'version': '1:4.4.27-1', 'kind': 'source'}, 'arch': 's390x'}, '2112': {'id': '2112', 'name': 'libext2fs2', 'version': '1.46.5-2ubuntu1', 'kind': 'binary', 'source': {'id': '1057', 'name': 'e2fsprogs', 'version': '1.46.5-2ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2122': {'id': '2122', 'name': 'libgnutls30', 'version': '3.7.3-4ubuntu1', 'kind': 'binary', 'source': {'id': '1113', 'name': 'gnutls28', 'version': '3.7.3-4ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2178': {'id': '2178', 'name': 'libsepol2', 'version': '3.3-1build1', 'kind': 'binary', 'source': {'id': '1169', 'name': 'libsepol', 'version': '3.3-1build1', 'kind': 'source'}, 'arch': 's390x'}, '2184': {'id': '2184', 'name': 'libssl3', 'version': '3.0.2-0ubuntu1.2', 'kind': 'binary', 'source': {'id': '1175', 'name': 'openssl', 'version': '3.0.2-0ubuntu1.2', 'kind': 'source'}, 'arch': 's390x'}, '2198': {'id': '2198', 'name': 'libudev1', 'version': '249.11-0ubuntu3.1', 'kind': 'binary', 'source': {'id': '1179', 'name': 'systemd', 'version': '249.11-0ubuntu3.1', 'kind': 'source'}, 'arch': 's390x'}, '1230': {'id': '1230', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'binary', 'source': {'id': '1229', 'name': 'usrmerge', 'version': '25ubuntu2', 'kind': 'source'}, 'arch': 'all'}, '1166': {'id': '1166', 'name': 'libsemanage-common', 'version': '3.3-1build2', 'kind': 'binary', 'source': {'id': '1165', 'name': 'libsemanage', 'version': '3.3-1build2', 'kind': 'source'}, 'arch': 'all'}, '2056': {'id': '2056', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'binary', 'source': {'id': '1047', 'name': 'dash', 'version': '0.5.11+git20210903+057cd650a4ed-3build1', 'kind': 'source'}, 'arch': 's390x'}, '2062': {'id': '2062', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'binary', 'source': {'id': '1053', 'name': 'diffutils', 'version': '1:3.8-0ubuntu2', 'kind': 'source'}, 'arch': 's390x'}, '2148': {'id': '2148', 'name': 'libncursesw6', 'version': '6.3-2', 'kind': 'binary', 'source': {'id': '1137', 'name': 'ncurses', 'version': '6.3-2', 'kind': 'source'}, 'arch': 's390x'}, '2190': {'id': '2190', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'binary', 'source': {'id': '1181', 'name': 'libtasn1-6', 'version': '4.18.0-4build1', 'kind': 'source'}, 'arch': 's390x'}, '2234': {'id': '2234', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'binary', 'source': {'id': '1225', 'name': 'tar', 'version': '1.34+dfsg-1build3', 'kind': 'source'}, 'arch': 's390x'}, '2070': {'id': '2070', 'name': 'gcc-12-base', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2108': {'id': '2108', 'name': 'libdb5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'binary', 'source': {'id': '1099', 'name': 'db5.3', 'version': '5.3.28+dfsg1-0.8ubuntu3', 'kind': 'source'}, 'arch': 's390x'}, '2116': {'id': '2116', 'name': 'libgcc-s1', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '2186': {'id': '2186', 'name': 'libstdc++6', 'version': '12-20220319-1ubuntu1', 'kind': 'binary', 'source': {'id': '1061', 'name': 'gcc-12', 'version': '12-20220319-1ubuntu1', 'kind': 'source'}, 'arch': 's390x'}, '1186': {'id': '1186', 'name': 'libtirpc-common', 'version': '1.3.2-2build1', 'kind': 'binary', 'source': {'id': '1185', 'name': 'libtirpc', 'version': '1.3.2-2build1', 'kind': 'source'}, 'arch': 'all'}}, 'distributions': {'16': {'id': '16', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}}, 'repository': {}, 'environments': {'2144': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2232': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2234': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2092': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2140': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2242': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2070': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2052': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2060': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2062': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2066': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2146': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2156': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1228': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2098': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2102': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2118': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2158': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2046': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2082': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2096': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2168': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2176': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2192': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2222': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1186': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2138': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2198': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2214': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2136': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2086': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2106': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2110': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2124': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2150': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2172': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2208': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1080': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2094': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2154': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2206': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2220': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2240': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2048': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2100': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2112': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2116': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2134': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2148': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2152': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2170': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1050': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2054': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2122': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2178': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2216': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2064': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2108': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2132': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2162': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2184': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2190': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2130': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2084': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2114': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2128': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2142': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2180': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2068': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2074': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2182': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2210': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2076': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2090': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2224': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1034': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2056': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2104': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2120': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2166': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2188': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2200': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2202': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1072': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1204': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '1230': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2044': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2126': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2164': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2196': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2226': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}], '2078': [{'package_db': 'var/lib/dpkg/status', 'introduced_in': 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 'distribution_id': '16', 'repository_ids': None}]}, 'vulnerabilities': {'2496760': {'id': '2496760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266661': {'id': '1266661', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2530781': {'id': '2530781', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '980572': {'id': '980572', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libss2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '1664783': {'id': '1664783', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '1266669': {'id': '1266669', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2241578': {'id': '2241578', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6129 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The POLY1305 MAC (message authentication code)implementationcontains a bug that might corrupt the internal state of applicationsrunningon PowerPC CPU based platforms if the CPU provides vector instructions.Impact summary: If an attacker can influence whether the POLY1305 MACalgorithm is used, the application state might be corrupted with variousapplication dependent consequences.The POLY1305 MAC (message authentication code) implementation in OpenSSLforPowerPC CPUs restores the contents of vector registers in a different orderthan they are saved. Thus the contents of some of these vector registersare corrupted when returning to the caller. The vulnerable code is usedonlyon newer PowerPC processors supporting the PowerISA 2.07 instructions.The consequences of this kind of internal application state corruption canbe various - from no consequences, if the calling application does notdepend on the contents of non-volatile XMM registers at all, to the worstconsequences, where the attacker could get complete control of theapplicationprocess. However unless the compiler uses the vector registers for storingpointers, the most likely consequence, if any, would be an incorrect resultof some application dependent calculations or a crash leading to a denialofservice.The POLY1305 MAC algorithm is most frequently used as part of theCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)algorithm. The most common usage of this AEAD cipher is with TLS protocolversions 1.2 and 1.3. If this cipher is enabled on the server a maliciousclient can influence whether this AEAD cipher is used. This implies thatTLS server applications using OpenSSL can be potentially impacted. Howeverwe are currently not aware of any concrete application that would beaffectedby this issue therefore we consider this a Low severity security issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6129` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6129 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6129', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2239547': {'id': '2239547', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5678 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Generating excessively long X9.42 DH keys or checkingexcessively long X9.42 DH keys or parameters may be very slow.Impact summary: Applications that use the functions DH_generate_key() togenerate an X9.42 DH key may experience long delays. Likewise,applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() orEVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtained froman untrusted source this may lead to a Denial of Service.While DH_check() performs all the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn\'t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn\'t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), andEVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when usingthe"-pubcheck" option, as well as the OpenSSL genpkey command lineapplication.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5678` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5678 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-5678', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '960182': {'id': '960182', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46848 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check thataffects asn1_encode_simple_der.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46848 https://ubuntu.com/security/notices/USN-5707-1 https://gitlab.com/gnutls/libtasn1/-/issues/32 https://bugs.gentoo.org/866237 https://ubuntu.com/security/CVE-2021-46848', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416373': {'id': '2416373', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0567 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS)rejects a certificate chain with distributed trust. This issue occurs whenvalidating a certificate chain with cockpit-certificate-ensure. This flawallows an unauthenticated, remote client or attacker to initiate a denialof service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0567` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0567 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061045 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://ubuntu.com/security/CVE-2024-0567', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2499847': {'id': '2499847', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libmount1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2850980': {'id': '2850980', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '1266677': {'id': '1266677', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2780405': {'id': '2780405', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32989 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overread vulnerability was found in GnuTLS in how it handlesthe Certificate Transparency (CT) Signed Certificate Timestamp (SCT)extension during X.509 certificate parsing. This flaw allows a malicioususer to create a certificate containing a malformed SCT extension (OID1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads tothe exposure of confidential information when GnuTLS verifies certificatesfrom certain websites when the certificate (SCT) is not checked correctly.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32989` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3. gunicorn-web stdout | 7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32989 https://ubuntu.com/security/notices/USN-7635-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://ubuntu.com/security/CVE-2025-32989', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2790713': {'id': '2790713', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2537412': {'id': '2537412', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2499829': {'id': '2499829', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libblkid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2114483': {'id': '2114483', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'procps', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2542767': {'id': '2542767', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1664838': {'id': '1664838', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2608368': {'id': '2608368', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-5535 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_select_next_proto withanempty supported client protocols buffer may cause a crash or memorycontents tobe sent to the peer.Impact summary: A buffer overread can have a range of potentialconsequencessuch as unexpected application beahviour or a crash. In particular thisissuecould result in up to 255 bytes of arbitrary private data from memory beingsentto the peer leading to a loss of confidentiality. However, onlyapplicationsthat directly call the SSL_select_next_proto function with a 0 length listofsupported client protocols are affected by this issue. This would normallyneverbe a valid scenario and is typically not under attacker control but mayoccur byaccident in the case of a configuration or programming error in the callingapplication.The OpenSSL API function SSL_select_next_proto is typically used by TLSapplications that support ALPN (Application Layer Protocol Negotiation) orNPN(Next Protocol Negotiation). NPN is older, was never standardised andis deprecated in favour of ALPN. We believe that ALPN is significantly morewidely deployed than NPN. The SSL_select_next_proto function accepts a listofprotocols from the server and a list of protocols from the client andreturnsthe first protocol that appears in the server list that also appears in theclient list. In the case of no overlap between the two lists it returns thefirst item in the client list. In either case it will signal whether anoverlapbetween the two lists was found. In the case where SSL_select_next_proto iscalled with a zero length client list it fails to notice this condition andreturns the memory immediately following the client list pointer (andreportsthat there was no overlap in the lists).This function is typically called from a server side application callbackforALPN or a client side application callback for NPN. In the case of ALPN thelistof protocols supplied by the client is guaranteed by libssl to never bezero inlength. The list of server protocols comes from the application and shouldnevernormally be expected to be of zero length. In this case if theSSL_select_next_proto function has been called as expected (with the listsupplied by the client passed in the client/client_len parameters), thentheapplication will not be vulnerable to this issue. If the application hasaccidentally been configured with a zero length server list, and hasaccidentally passed that zero length server list in the client/client_lenparameters, and has additionally failed to correctly handle a "no overlap"response (which would normally result in a handshake failure in ALPN) thenitwill be vulnerable to this problem.In the case of NPN, the protocol permits the client to opportunisticallyselecta protocol when there is no overlap. OpenSSL returns the first clientprotocolin the no overlap case in support of this. The list of client protocolscomesfrom the application and should never normally be expected to be of zerolength.However if the SSL_select_next_proto function is accidentally called with aclient_len of 0 then an invalid memory pointer will be returned instead. Iftheapplication uses this output as the opportunistic protocol then the loss ofconfidentiality will occur.This issue has been assessed as Low severity because applications are mostlikely to be vulnerable if they are using NPN instead of ALPN - but NPN isnotwidely used. It also requires an application configuration or programmingerror.Finally, this issue would not typically be under attacker control makingactiveexploitation unlikely.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Due to the low severity of this issue we are not issuing new releases ofOpenSSL at this time. The fix will be included in the next releases whentheybecome available.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-5535` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-5535 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-5535', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2095595': {'id': '2095595', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3817 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. AfterfixingCVE-2023-3446 it was discovered that a large q parameter value can alsotriggeran overly long computation during some of these checks. A correct q value,if present, cannot be larger than the modulus p parameter, thus it isunnecessary to perform these checks if q is larger than p.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulnerable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the "-check" option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3817` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3817 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/CVE-2023-3817', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1900100': {'id': '1900100', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0465 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Applications that use a non-default option when verifying certificates maybevulnerable to an attack from a malicious CA to circumvent certain checks.Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for thatcertificate.A malicious CA could use this to deliberately assert invalid certificatepoliciesin order to circumvent policy checking on the certificate altogether.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0465` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0465 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0465', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2530298': {'id': '2530298', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2530846': {'id': '2530846', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '1540355': {'id': '1540355', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-41409 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackersto cause a denial of service or other unspecified impacts via negativeinput.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-41409 https://ubuntu.com/security/CVE-2022-41409', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '960164': {'id': '960164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc-common', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2428531': {'id': '2428531', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12243 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 dataprocessing. Due to an inefficient algorithm in libtasn1, decoding certainDER-encoded certificate data can take excessive time, leading to increasedresource consumption. This flaw allows a remote attacker to send aspecially crafted certificate, causing GnuTLS to become unresponsive orslow, resulting in a denial-of-service condition.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12243` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.6\nguile-gnutls - 3.7.3-4ubuntu1.6\nlibgnutls-dane0 - 3.7.3-4ubuntu1.6\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.6\nlibgnutls30 - 3.7.3-4ubuntu1.6\nlibgnutlsxx28 - 3.7.3-4ubuntu1.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12243 https://ubuntu.com/security/notices/USN-7281-1 https://gitlab.com/gnutls/gnutls/-/issues/1553 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12243', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.6'}, '2228814': {'id': '2228814', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2485513': {'id': '2485513', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '1266440': {'id': '1266440', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2217290': {'id': '2217290', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2748113': {'id': '2748113', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1266500': {'id': '1266500', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-29458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'ncurses 6.3 before patch 20220416 has an out-of-bounds read andsegmentation violation in convert_strings in tinfo/read_entry.c in theterminfo library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-29458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-29458 https://ubuntu.com/security/notices/USN-5477-1 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870 https://ubuntu.com/security/CVE-2022-29458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '1257896': {'id': '1257896', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '1988914': {'id': '1988914', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2602 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in the pthread_create() function in libcap. Thisissue may allow a malicious actor to use cause __real_pthread_create() toreturn an error, which can exhaust the process memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2602 https://ubuntu.com/security/notices/USN-6166-1 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2602', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2112903': {'id': '2112903', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-39804 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GNU tar before 1.35, mishandled extension attributes in a PAX archivecan lead to an application crash in xheader.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-39804` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.2\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-39804 https://ubuntu.com/security/notices/USN-6543-1 https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464 https://ubuntu.com/security/CVE-2023-39804', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.2'}, '1699553': {'id': '1699553', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48522 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crashthat can lead to remote code execution or local privilege escalation.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48522` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48522 https://ubuntu.com/security/notices/USN-6517-1 https://github.com/Perl/perl5/issues/19147 https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 https://ubuntu.com/security/CVE-2022-48522', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1509825': {'id': '1509825', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3602 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned the malicious certificate or for the application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address to overflow fourattacker-controlled bytes on the stack. This buffer overflow could resultin a crash (causing a denial of service) or potentially remote codeexecution. Many platforms implement stack overflow protections which wouldmitigate against the risk of remote code execution. The risk may be furthermitigated based on stack layout for any given platform/compiler.Pre-announcements of CVE-2022-3602 described this issue as CRITICAL.Further analysis based on some of the mitigating factors described abovehave led this to be downgraded to HIGH. Users are still encouraged toupgrade to a new version as soon as possible. In a TLS client, this can betriggered by connecting to a malicious server. In a TLS server, this can betriggered if the server requests client authentication and a maliciousclient connects. Fixed in OpenSSL 3.0.7 (Affected3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3602 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3602', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '1516509': {'id': '1516509', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3715 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the bash package, where a heap-buffer overflow canoccur in valid parameter_transform. This issue may lead to memory problems.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3715` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbash - 5.1-6ubuntu1.1\nbash-builtins - 5.1-6ubuntu1.1\nbash-static - 5.1-6ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3715 https://ubuntu.com/security/notices/USN-6697-1 https://bugzilla.redhat.com/show_bug.cgi?id=2122331 (private) https://bugzilla.suse.com/show_bug.cgi?id=1204787 https://ubuntu.com/security/CVE-2022-3715', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bash', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.1-6ubuntu1.1'}, '1664774': {'id': '1664774', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2007536': {'id': '2007536', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2499856': {'id': '2499856', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsmartcols1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2485527': {'id': '2485527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2007527': {'id': '2007527', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2781005': {'id': '2781005', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1898080': {'id': '1898080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0215 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The public API function BIO_new_NDEF is a helper function used forstreamingASN.1 data via a BIO. It is primarily used internally to OpenSSL to supporttheSMIME, CMS and PKCS7 streaming capabilities, but may also be calleddirectly byend user applications.The function receives a BIO from the caller, prepends a new BIO_f_asn1filterBIO onto the front of it to form a BIO chain, and then returns the new headofthe BIO chain to the caller. Under certain conditions, for example if a CMSrecipient public key is invalid, the new filter BIO is freed and thefunctionreturns a NULL result indicating a failure. However, in this case, the BIOchainis not properly cleaned up and the BIO passed by the caller still retainsinternal pointers to the previously freed filter BIO. If the caller thengoes onto call BIO_pop() on the BIO then a use-after-free will occur. This willmostlikely result in a crash.This scenario occurs directly in the internal function B64_write_ASN1()whichmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop()onthe BIO. This internal function is in turn called by the public APIfunctionsPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream,PEM_write_bio_PKCS7_stream,SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.Other public API functions that may be impacted by this includei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream andi2d_PKCS7_bio_stream.The OpenSSL cms and smime command line applications are similarly affected.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0215` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0215 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0215', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '448590': {'id': '448590', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221332': {'id': '2221332', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '2837991': {'id': '2837991', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability gunicorn-web stdout | has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537469': {'id': '2537469', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2854564': {'id': '2854564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2213138': {'id': '2213138', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47038 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurswhen a crafted regular expression is compiled by perl, which can allow anattacker controlled byte buffer overflow in a heap allocated buffer.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-47038` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.3\nperl - 5.34.0-3ubuntu1.3\nperl-base - 5.34.0-3ubuntu1.3\nperl-debug - 5.34.0-3ubuntu1.3\nperl-modules-5.34 - 5.34.0-3ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47038 https://ubuntu.com/security/notices/USN-6517-1 https://ubuntu.com/security/CVE-2023-47038', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.3'}, '1898382': {'id': '1898382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0286 on Ubuntu 22.04 LTS (jammy) - high', 'description': 'There is a type confusion vulnerability relating to X.400 addressprocessinginside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRINGbutthe public structure definition for GENERAL_NAME incorrectly specified thetypeof the x400Address field as ASN1_TYPE. This field is subsequentlyinterpreted bythe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than anASN1_STRING.When CRL checking is enabled (i.e. the application sets theX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker topassarbitrary pointers to a memcmp call, enabling them to read memory contentsorenact a denial of service. In most cases, the attack requires the attackertoprovide both the certificate chain and CRL, neither of which need to have avalid signature. If the attacker only controls one of these inputs, theotherinput must already contain an X.400 address as a CRL distribution point,whichis uncommon. As such, this vulnerability is most likely to only affectapplications which have implemented their own functionality for retrievingCRLsover a network.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0286` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0286 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-5845-1 https://ubuntu.com/security/notices/USN-5845-2 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0286', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993638': {'id': '993638', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2097 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimisedimplementation will not encrypt the entirety of the data under somecircumstances. This could reveal sixteen bytes of data that was preexistingin the memory that wasn\'t written. In the special case of "in place"encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSLdoes not support OCB based cipher suites for TLS and DTLS, they are bothunaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL1.1.1q (Affected 1.1.1-1.1.1p).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2097` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.6\nopenssl - 3.0.2-0ubuntu1.6\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2097 https://ubuntu.com/security/notices/USN-5502-1 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/CVE-2022-2097', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.6'}, '2796851': {'id': '2796851', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2007560': {'id': '2007560', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2790703': {'id': '2790703', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4598 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "A vulnerability was found in systemd-coredump. This flaw allows an attackerto force a SUID process to crash and replace it with a non-SUID binary toaccess the original's privileged process coredump, allowing the attacker toread sensitive data, such as /etc/shadow content, loaded by the originalprocess.A SUID binary or process has a special type of permission, which allows theprocess to run with the file owner's permissions, regardless of the userexecuting the binary. This allows the process to access more restricteddata than unprivileged users or processes would be able to. An attacker canleverage this flaw by forcing a SUID process to crash and force the Linuxkernel to recycle the process PID before systemd-coredump can analyze the/proc/pid/auxv file. If the attacker wins the race condition, they gainaccess to the original's SUID process coredump file. They can readsensitive content loaded into memory by the original binary, affecting dataconfidentiality.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4598` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.16\nlibnss-mymachines - 249.11-0ubuntu3.16\nlibnss-resolve - 249.11-0ubuntu3.16\nlibnss-systemd - 249.11-0ubuntu3.16\nlibpam-systemd - 249.11-0ubuntu3.16\nlibsystemd0 - 249.11-0ubuntu3.16\nlibudev1 - 249.11-0ubuntu3.16\nsystemd - 249.11-0ubuntu3.16\nsystemd-container - 249.11-0ubuntu3.16\nsystemd-coredump - 249.11-0ubuntu3.16\nsystemd-journal-remote - 249.11-0ubuntu3.16\nsystemd-oomd - 249.11-0ubuntu3.16\nsystemd-repart - 249.11-0ubuntu3.16\nsystemd-standalone-sysusers - 249.11-0ubuntu3.16\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.16\nsystemd-sysv - 249.11-0ubuntu3.16\nsystemd-tests - 249.11-0ubuntu3.16\nsystemd-timesyncd - 249.11-0ubuntu3.16\nudev - 249.11-0ubuntu3.16\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4598 https://ubuntu.com/security/notices/USN-7559-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106785 https://ubuntu.com/security/CVE-2025-4598', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.16'}, '2206794': {'id': '2206794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2780428': {'id': '2780428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32990 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS softwarein the template parsing logic within the certtool utility. When it readscertain settings from a template file, it allows an attacker to cause anout-of-bounds (OOB) NULL pointer write, resulting in memory corruption anda denial-of-service (DoS) that could potentially crash the system.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32990` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32990 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://ubuntu.com/security/CVE-2025-32990', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2241402': {'id': '2241402', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5981 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found that the response times to malformed ciphertextsin RSA-PSK ClientKeyExchange differ from response times of ciphertexts withcorrect PKCS#1 v1.5 padding.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5981` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.3\nguile-gnutls - 3.7.3-4ubuntu1.3\nlibgnutls-dane0 - 3.7.3-4ubuntu1.3\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.3\nlibgnutls30 - 3.7.3-4ubuntu1.3\nlibgnutlsxx28 - 3.7.3-4ubuntu1.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5981 https://ubuntu.com/security/notices/USN-6499-1 https://ubuntu.com/security/notices/USN-6499-2 https://gitlab.com/gnutls/gnutls/-/issues/1511 https://ubuntu.com/security/CVE-2023-5981', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.3'}, '2609399': {'id': '2609399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542723': {'id': '2542723', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2084566': {'id': '2084566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2790153': {'id': '2790153', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-45582 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.35 allows file overwrite via directory traversal incrafted TAR archives, with a certain two-step process. First, the victimmust extract an archive that contains a ../ symlink to a criticaldirectory. Second, the victim must extract an archive that contains acritical file, specified via a relative pathname that begins with thesymlink name and ends with that critical file\'s name. Here, the extractionfollows the symlink and overwrites the critical file. This bypasses theprotection mechanism of "Member name contains \'..\'" that would occur for asingle TAR archive that attempted to specify the critical file via a ../approach. For example, the first archive can contain "x ->../../../../../home/victim/.ssh" and the second archive can containx/authorized_keys. This can affect server applications that automaticallyextract any number of user-supplied TAR archives, and were relying on theblocking of traversal. This can also affect software installation processesin which "tar xf" is run more than once (e.g., when installing a packagecan automatically install two dependencies that are set up as untrustedtarballs instead of official packages). NOTE: the official GNU Tar manualhas an otherwise-empty directory for each "tar xf" in its Security Rules ofThumb; however, third-party advice leads users to run "tar xf" more thanonce into the same directory.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-45582 https://ubuntu.com/security/CVE-2025-45582', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007548': {'id': '2007548', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2418394': {'id': '2418394', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2055397': {'id': '2055397', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31486 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and availablestandalone on CPAN, has an insecure default TLS configuration where usersmust opt in to verify certificates.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089 https://ubuntu.com/security/CVE-2023-31486', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542538': {'id': '2542538', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2437744': {'id': '2437744', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-13176 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: A timing side-channel which could potentially allowrecoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, theattackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-13176` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-13176 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-13176', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2237102': {'id': '2237102', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5363 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: A bug has been identified in the processing of key andinitialisation vector (IV) lengths. This can lead to potential truncationor overruns during the initialisation of some symmetric ciphers.Impact summary: A truncation in the IV can result in non-uniqueness,which could result in loss of confidentiality for some cipher modes.When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() orEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed afterthe key and IV have been established. Any alterations to the key length,via the "keylen" parameter or the IV length, via the "ivlen" parameter,within the OSSL_PARAM array will not take effect as intended, potentiallycausing truncation or overreading of these values. The following ciphersand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.For the CCM, GCM and OCB cipher modes, truncation of the IV can result inloss of confidentiality. For example, when following NIST\'s SP 800-38Dsection 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse.Both truncations and overruns of the key and overruns of the IV willproduce incorrect results and could, in some cases, trigger a memoryexception. However, these issues are not currently assessed as securitycritical.Changing the key and/or IV lengths is not considered to be a commonoperationand the vulnerable API was recently introduced. Furthermore it is likelythatapplication developers will have spotted this problem during testing sincedecryption would fail unless both peers in the communication were similarlyvulnerable. For these reasons we expect the probability of an applicationbeingvulnerable to this to be quite low. However if an application is vulnerablethenthis issue is considered very serious. For these reasons we have assessedthisissue as Moderate severity overall.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this becausethe issue lies outside of the FIPS provider boundary.OpenSSL 3.1 and 3.0 are vulnerable to this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5363` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5363 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-5363', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '2530853': {'id': '2530853', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33602 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache assumes NSS callback uses in-buffer stringsThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memorywhen the NSS callback does not store all strings in the provided buffer.The flaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33602` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33602 https://ubuntu.com/security/notices/USN-6804-1 https://ubuntu.com/security/CVE-2024-33602', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2844066': {'id': '2844066', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer dereference flaw was found in the GnuTLS software in_gnutls_figure_common_ciphersuite().\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6395 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://ubuntu.com/security/CVE-2025-6395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '451117': {'id': '451117', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-2781 on Ubuntu 22.04 LTS (jammy) - low', 'description': "chroot in GNU coreutils, when used with --userspec, allows local users toescape to the parent session via a crafted TIOCSTI ioctl call, which pushescharacters to the terminal's input buffer.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-2781 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://bugzilla.redhat.com/show_bug.cgi?id=1312863 https://ubuntu.com/security/CVE-2016-2781', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2005450': {'id': '2005450', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2665338': {'id': '2665338', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-1390 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The PAM module pam_cap.so of libcap configuration supports group namesstarting with “@”, during actual parsing, configurations not starting with“@” are incorrectly recognized as group names. This may result innonintended users being granted an inherited capability set, potentiallyleading to security risks. Attackers can exploit this vulnerability toachieve local privilege escalation on systems where/etc/security/capability.conf is used to configure user inheritedprivileges by constructing specific usernames.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-1390` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.2\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.2\nlibpam-cap - 1:2.44-1ubuntu0.22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-1390 https://ubuntu.com/security/notices/USN-7287-1 https://bugzilla.openanolis.cn/show_bug.cgi?id=18804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098318 https://ubuntu.com/security/CVE-2025-1390', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.2'}, '1988933': {'id': '1988933', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2603 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in libcap. This issue occurs in the_libcap_strdup() function and can lead to an integer overflow if the inputstring is close to 4GiB.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibcap2 - 1:2.44-1ubuntu0.22.04.1\nlibcap2-bin - 1:2.44-1ubuntu0.22.04.1\nlibpam-cap - 1:2.44-1ubuntu0.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2603 https://ubuntu.com/security/notices/USN-6166-1 https://ubuntu.com/security/notices/USN-6166-2 https://bugzilla.kernel.org/show_bug.cgi?id=217410 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036114 https://ubuntu.com/security/CVE-2023-2603', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcap2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.44-1ubuntu0.22.04.1'}, '2836773': {'id': '2836773', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2228777': {'id': '2228777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2217400': {'id': '2217400', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2836745': {'id': '2836745', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2780383': {'id': '2780383', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-32988 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLSdue to incorrect ownership handling in the export logic of SubjectAlternative Name (SAN) entries containing an otherName. If the type-id OIDis invalid or malformed, GnuTLS will call asn1_delete_structure() on anASN.1 node it does not own, leading to a double-free condition when theparent function or caller later attempts to free the same structure.This vulnerability can be triggered using only public GnuTLS APIs and mayresult in denial of service or memory corruption, depending on allocatorbehavior.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-32988` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.7\nguile-gnutls - 3.7.3-4ubuntu1.7\nlibgnutls-dane0 - 3.7.3-4ubuntu1.7\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.7\nlibgnutls30 - 3.7.3-4ubuntu1.7\nlibgnutlsxx28 - 3.7.3-4ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-32988 https://ubuntu.com/security/notices/USN-7635-1 https://ubuntu.com/security/notices/USN-7742-1 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://ubuntu.com/security/CVE-2025-32988', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.7'}, '2837880': {'id': '2837880', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2499877': {'id': '2499877', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'util-linux', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2566448': {'id': '2566448', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4603 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Checking excessively long DSA keys or parameters may be veryslow.Impact summary: Applications that use the functions EVP_PKEY_param_check()or EVP_PKEY_public_check() to check a DSA public key or DSA parameters mayexperience long delays. Where the key or parameters that are being checkedhave been obtained from an untrusted source this may lead to a Denial ofService.The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() performvarious checks on DSA parameters. Some of those computations take a longtimeif the modulus (`p` parameter) is too large.Trying to use a very large modulus is slow and OpenSSL will not allow usingpublic keys with a modulus which is over 10,000 bits in length forsignatureverification. However the key and parameter check functions do not limitthe modulus size when performing the checks.An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()and supplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.These functions are not called by OpenSSL itself on untrusted DSA keys soonly applications that directly call these functions may be vulnerable.Also vulnerable are the OpenSSL pkey and pkeyparam command lineapplicationswhen using the `-check` option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4603` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4603 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4603', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '1546763': {'id': '1546763', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4203 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A read buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occursafter certificate chain signature verification and requires either aCA to have signed the malicious certificate or for the application tocontinue certificate verification despite failure to construct a pathto a trusted issuer.The read buffer overrun might result in a crash which could lead toa denial of service attack. In theory it could also result in thedisclosureof private memory contents (such as private keys, or sensitive plaintext)although we are not aware of any working exploit leading to memorycontents disclosure as of the time of release of this advisory.In a TLS client, this can be triggered by connecting to a maliciousserver. In a TLS server, this can be triggered if the server requestsclient authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4203` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4203 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2022-4203', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '993107': {'id': '993107', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2068 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In addition to the c_rehash shell command injection identified inCVE-2022-1292, further circumstances where the c_rehash script does notproperly sanitise shell metacharacters to prevent command injection werefound by code review. When the CVE-2022-1292 was fixed it was notdiscovered that there are other places in the script where the file namesof certificates being hashed were possibly passed to a command executedthrough the shell. This script is distributed by some operating systems ina manner where it is automatically executed. On such operating systems, anattacker could execute arbitrary commands with the privileges of thescript. Use of the c_rehash script is considered obsolete and should bereplaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4(Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2068` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.5\nopenssl - 3.0.2-0ubuntu1.5\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.1\nnodejs - 12.22.9~dfsg-1ubuntu3.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2068 https://ubuntu.com/security/notices/USN-5488-1 https://ubuntu.com/security/notices/USN-5488-2 https://ubuntu.com/security/notices/USN-6457-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2022-2068', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.5'}, '2114475': {'id': '2114475', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4016 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Under some circumstances, this weakness allows a user who has access to runthe “ps” utility on a machine, the ability to write almost unlimitedamounts of unfiltered data into the process heap.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4016` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibprocps8 - 2:3.3.17-6ubuntu2.1\nprocps - 2:3.3.17-6ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4016 https://ubuntu.com/security/notices/USN-6477-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042887 https://gitlab.com/procps-ng/procps/-/issues/297 https://ubuntu.com/security/CVE-2023-4016', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libprocps8', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '2:3.3.17-6ubuntu2.1'}, '2231231': {'id': '2231231', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_na gunicorn-web stdout | me': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2854573': {'id': '2854573', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2780976': {'id': '2780976', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '1899098': {'id': '1899098', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0361 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing side-channel in the handling of RSA ClientKeyExchange messages wasdiscovered in GnuTLS. This side-channel can be sufficient to recover thekey encrypted in the RSA ciphertext across a network in a Bleichenbacherstyle attack. To achieve a successful decryption the attacker would need tosend a large amount of specially crafted messages to the vulnerable server.By recovering the secret from the ClientKeyExchange message, the attackerwould be able to decrypt the application data exchanged over thatconnection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0361` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.2\nguile-gnutls - 3.7.3-4ubuntu1.2\nlibgnutls-dane0 - 3.7.3-4ubuntu1.2\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.2\nlibgnutls30 - 3.7.3-4ubuntu1.2\nlibgnutlsxx28 - 3.7.3-4ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0361 https://ubuntu.com/security/notices/USN-5901-1 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://ubuntu.com/security/CVE-2023-0361', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.2'}, '2854594': {'id': '2854594', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1696964': {'id': '1696964', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-48303 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'GNU Tar through 1.34 has a one-byte out-of-bounds read that results in useof uninitialized memory for a conditional jump. Exploitation to change theflow of control has not been demonstrated. The issue occurs in from_headerin list.c via a V7 archive in which mtime has approximately 11 whitespacecharacters.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-48303` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ntar - 1.34+dfsg-1ubuntu0.1.22.04.1\ntar-scripts - 1.34+dfsg-1ubuntu0.1.22.04.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-48303 https://ubuntu.com/security/notices/USN-5900-1 https://ubuntu.com/security/notices/USN-5900-2 https://ubuntu.com/security/CVE-2022-48303', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'tar', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.34+dfsg-1ubuntu0.1.22.04.1'}, '1367092': {'id': '1367092', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3358 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL supports creating a custom cipher via the legacyEVP_CIPHER_meth_new() function and associated function calls. This functionwas deprecated in OpenSSL 3.0 and application authors are insteadencouraged to use the new provider mechanism in order to implement customciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy customciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() andEVP_CipherInit_ex2() functions (as well as other similarly named encryptionand decryption initialisation functions). Instead of using the customcipher directly it incorrectly tries to fetch an equivalent cipher from theavailable providers. An equivalent cipher is found based on the NID passedto EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NIDfor a given cipher. However it is possible for an application toincorrectly pass NID_undef as this value in the call toEVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSLencryption/decryption initialisation function will match the NULL cipher asbeing equivalent and will fetch this from the available providers. Thiswill succeed if the default provider has been loaded (or if a third partyprovider has been loaded that offers this cipher). Using the NULL ciphermeans that the plaintext is emitted as the ciphertext. Applications areonly affected by this issue if they call EVP_CIPHER_meth_new() usingNID_undef and subsequently use it in a call to an encryption/decryptioninitialisation function. Applications that only use SSL/TLS are notimpacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3358` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3358 https://ubuntu.com/security/notices/USN-5710-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620 https://ubuntu.com/security/CVE-2022-3358', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '2642019': {'id': '2642019', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '1672454': {'id': '1672454', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2764035': {'id': '2764035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-30258 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In GnuPG before 2.5.5, if a user chooses to import a certificate withcertain crafted subkey data that lacks a valid backsig or that hasincorrect usage flags, the user loses the ability to verify signatures madefrom certain other signing keys, aka a "verification DoS."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-30258` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.3\ngnupg - 2.2.27-3ubuntu2.3\ngnupg-agent - 2.2.27-3ubuntu2.3\ngnupg-l10n - 2.2.27-3ubuntu2.3\ngnupg-utils - 2.2.27-3ubuntu2.3\ngnupg2 - 2.2.27-3ubuntu2.3\ngpg - 2.2.27-3ubuntu2.3\ngpg-agent - 2.2.27-3ubuntu2.3\ngpg-wks-client - 2.2.27-3ubuntu2.3\ngpg-wks-server - 2.2.27-3ubuntu2.3\ngpgconf - 2.2.27-3ubuntu2.3\ngpgsm - 2.2.27-3ubuntu2.3\ngpgv - 2.2.27-3ubuntu2.3\ngpgv-static - 2.2.27-3ubuntu2.3\ngpgv-win32 - 2.2.27-3ubuntu2.3\ngpgv2 - 2.2.27-3ubuntu2.3\nscdaemon - 2.2.27-3ubuntu2.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-30258 https://ubuntu.com/security/notices/USN-7412-1 https://dev.gnupg.org/T7527 https://dev.gnupg.org/T7547 (regression) https://ubuntu.com/security/CVE-2025-30258', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.3'}, '2496581': {'id': '2496581', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2843395': {'id': '2843395', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6297 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'It was discovered that dpkg-deb does not properly sanitize directorypermissions when extracting a control member into a temporary directory,which isdocumented as being a safe operation even on untrusted data. This mayresult in leaving temporary files behind on cleanup. Given automated andrepeated execution of dpkg-deb commands onadversarial .deb packages or with well compressible files, placedinside a directory with permissions not allowing removal by a non-rootuser, this can end up in a DoS scenario due to causing disk quotaexhaustion or disk full conditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6297` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndpkg - 1.21.1ubuntu2.6\ndselect - 1.21.1ubuntu2.6\nlibdpkg-perl - 1.21.1ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6297 https://ubuntu.com/security/notices/USN-7768-1 https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122053 https://ubuntu.com/security/CVE-2025-6297', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'dpkg', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.21.1ubuntu2.6'}, '2231223': {'id': '2231223', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-5156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806introduced the potential for a memory leak, which may result in anapplication crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-5156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-5156 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://bugzilla.redhat.com/show_bug.cgi?id=2240541 https://sourceware.org/bugzilla/show_bug.cgi?id=30884 https://ubuntu.com/security/CVE-2023-5156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2121872': {'id': '2121872', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2837900': {'id': '2837900', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537457': {'id': '2537457', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496622': {'id': '2496622', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '527079': {'id': '527079', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2568777': {'id': '2568777', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-4741 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequencessuchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers functionareaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely usedbyapplications.The SSL_free_buffers function is used to free the internal OpenSSL bufferusedwhen processing an incoming record from the network. The call is onlyexpectedto succeed if the buffer is not currently in use. However, two scenarioshavebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yetarrived.In this case calling SSL_free_buffers will succeed even though a record hasonlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application datahasbeen received and processed by OpenSSL but the application has only readpart ofthis data. Again a call to SSL_free_buffers will succeed even though thebufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where thisoccurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-4741` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-4741 https://ubuntu.com/security/notices/USN-6937-1 https://ubuntu.com/security/CVE-2024-4741', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2009187': {'id': '2009187', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2975 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be misled byremoving,adding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2975` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2975 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/CVE-2023-2975', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1257888': {'id': '1257888', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2259827': {'id': '2259827', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2502649': {'id': '2502649', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28834 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in GnuTLS. The Minerva attack is a cryptographicvulnerability that exploits deterministic behavior in systems like GnuTLS,leading to side-channel leaks. In specific scenarios, such as when usingthe GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeablestep in nonce size from 513 to 512 bits, exposing a potential timingside-channel.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28834` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28834 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://gitlab.com/gnutls/gnutls/-/issues/1516 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://ubuntu.com/security/CVE-2024-28834', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '2499870': {'id': '2499870', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'mount', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '1257883': {'id': '1257883', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2485497': {'id': '2485497', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2236 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A timing-based side-channel flaw was found in libgcrypt's RSAimplementation. This issue may allow a remote attacker to initiate aBleichenbacher-style attack, which can lead to the decryption of RSAciphertexts.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683 https://dev.gnupg.org/T7136 https://ubuntu.com/security/CVE-2024-2236', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcrypt20', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2555052': {'id': '2555052', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-41996 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Validating the order of the public keys in the Diffie-Hellman Key AgreementProtocol, when an approved safe prime is used, allows remote attackers(from the client side) to trigger unnecessarily expensive server-side DHEmodular-exponentiation calculations. The client may cause asymmetricresource consumption. The basic attack scenario is that the client mustclaim that it can only communicate with DHE, and the server must beconfigured to allow DHE and validate the order of the public key.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-41996 https://ubuntu.com/security/CVE-2024-41996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1898296': {'id': '1898296', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0217 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to check a malformed DSA public key by theEVP_PKEY_public_check() function. This will most likely leadto an application crash. This function can be called on publickeys supplied from untrusted sources which could allow an attackerto cause a denial of service attack.The TLS implementation in OpenSSL does not call this functionbut applications might call the function if there are additionalsecurity requirements imposed by standards such as FIPS 140-3.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0217` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0217 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0217', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2507554': {'id': '2507554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '448580': {'id': '448580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2016-20013 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "sha256crypt and sha512crypt through 0.6 allow attackers to cause a denialof service (CPU consumption) because the algorithm's runtime isproportional to the square of the length of the password.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2016-20013 https://ubuntu.com/security/CVE-2016-20013', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2542705': {'id': '2542705', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2228793': {'id': '2228793', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncursesw6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2007554': {'id': '2007554', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29491 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'ncurses before 6.4 20230408, when used by a setuid application, allowslocal users to trigger security-relevant memory corruption via malformeddata in a terminfo database file that is found in $HOME/.terminfo orreached via the TERMINFO or TERM environment variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-29491` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32ncurses6 - 6.3-2ubuntu0.1\nlib32ncursesw6 - 6.3-2ubuntu0.1\nlib32tinfo6 - 6.3-2ubuntu0.1\nlib64ncurses6 - 6.3-2ubuntu0.1\nlib64ncursesw6 - 6.3-2ubuntu0.1\nlib64tinfo6 - 6.3-2ubuntu0.1\nlibncurses5 - 6.3-2ubuntu0.1\nlibncurses6 - 6.3-2ubuntu0.1\nlibncursesw5 - 6.3-2ubuntu0.1\nlibncursesw6 - 6.3-2ubuntu0.1\nlibtinfo5 - 6.3-2ubuntu0.1\nlibtinfo6 - 6.3-2ubuntu0.1\nncurses-base - 6.3-2ubuntu0.1\nncurses-bin - 6.3-2ubuntu0.1\nncurses-examples - 6.3-2ubuntu0.1\nncurses-term - 6.3-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29491 https://ubuntu.com/security/notices/USN-6099-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372 https://ubuntu.com/security/CVE-2023-29491', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:6.3-2ubuntu0.1'}, '2496794': {'id': '2496794', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2084561': {'id': '2084561', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1536015': {'id': '1536015', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3996 on Ubuntu 22.04 LTS (jammy) - low', 'description': "If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3996` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3996 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2022-3996', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '2418389': {'id': '2418389', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1506477': {'id': '1506477', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-34903 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "GnuPG through 2.3.6, in unusual situations where an attacker possesses anysecret-key information from a victim's keyring and other constraints (e.g.,use of GPGME) are met, allows signature forgery via injection into thestatus line.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-34903` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ndirmngr - 2.2.27-3ubuntu2.1\ngnupg - 2.2.27-3ubuntu2.1\ngnupg-agent - 2.2.27-3ubuntu2.1\ngnupg-l10n - 2.2.27-3ubuntu2.1\ngnupg-utils - 2.2.27-3ubuntu2.1\ngnupg2 - 2.2.27-3ubuntu2.1\ngpg - 2.2.27-3ubuntu2.1\ngpg-agent - 2.2.27-3ubuntu2.1\ngpg-wks-client - 2.2.27-3ubuntu2.1\ngpg-wks-server - 2.2.27-3ubuntu2.1\ngpgconf - 2.2.27-3ubuntu2.1\ngpgsm - 2.2.27-3ubuntu2.1\ngpgv - 2.2.27-3ubuntu2.1\ngpgv-static - 2.2.27-3ubuntu2.1\ngpgv-win32 - gunicorn-web stdout | 2.2.27-3ubuntu2.1\ngpgv2 - 2.2.27-3ubuntu2.1\nscdaemon - 2.2.27-3ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-34903 https://ubuntu.com/security/notices/USN-5503-1 https://ubuntu.com/security/notices/USN-5503-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014157 https://ubuntu.com/security/CVE-2022-34903', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.2.27-3ubuntu2.1'}, '2542545': {'id': '2542545', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2783212': {'id': '2783212', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-40909 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Perl threads have a working directory race condition where file operationsmay target unintended paths.If a directory handle is open at thread creation, the process-wide currentworking directory is temporarily changed in order to clone\xa0that handle forthe new thread, which is visible from any third (or\xa0more) thread alreadyrunning.This may lead to unintended operations\xa0such as loading code or accessingfiles from unexpected locations,\xa0which a local attacker may be able toexploit.The bug was introduced in commit\xa011a11ecf4bea72b17d250cfb43c897be1341861eand released in Perl version 5.13.6\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-40909` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.5\nperl - 5.34.0-3ubuntu1.5\nperl-base - 5.34.0-3ubuntu1.5\nperl-debug - 5.34.0-3ubuntu1.5\nperl-modules-5.34 - 5.34.0-3ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-40909 https://ubuntu.com/security/notices/USN-7678-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/issues/23010 https://ubuntu.com/security/CVE-2025-40909', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.5'}, '1537787': {'id': '1537787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-40735 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The Diffie-Hellman Key Agreement Protocol allows use of long exponents thatarguably make certain calculations unnecessarily expensive, because the1996 van Oorschot and Wiener paper found that "(appropriately) shortexponents" can be used when there are adequate subgroup constraints, andthese short exponents can lead to less expensive calculations than for longexponents. This issue is different from CVE-2002-20001 because it is basedon an observation about exponent size, rather than an observation aboutnumbers that are not public keys. The specific situations in whichcalculation expense would constitute a server-side vulnerability depend onthe protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details.In general, there might be an availability concern because of server-sideresource consumption from DHE modular-exponentiation calculations. Finally,it is possible for an attacker to exploit this vulnerability andCVE-2002-20001 together.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-40735` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.16\nopenssl - 3.0.2-0ubuntu1.16\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-40735 https://ubuntu.com/security/notices/USN-6854-1 https://ubuntu.com/security/CVE-2022-40735', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.16'}, '2530292': {'id': '2530292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33599 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Stack-based buffer overflow in netgroup cacheIf the Name Service Cache Daemon's (nscd) fixed size cache is exhaustedby client requests then a subsequent client request for netgroup datamay result in a stack-based buffer overflow. This flaw was introducedin glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33599` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33599 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31677 https://ubuntu.com/security/CVE-2024-33599', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2850988': {'id': '2850988', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8058 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The regcomp function in the GNU C library version from 2.4 to 2.41 issubject to a double free if some previous allocation fails. It can beaccomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffermanipulation depending of how the regex is constructed. This issueaffects all architectures and ABIs supported by the GNU C library.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-8058` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.11\nlibc-bin - 2.35-0ubuntu3.11\nlibc6 - 2.35-0ubuntu3.11\nlibc6-amd64 - 2.35-0ubuntu3.11\nlibc6-i386 - 2.35-0ubuntu3.11\nlibc6-prof - 2.35-0ubuntu3.11\nlibc6-s390 - 2.35-0ubuntu3.11\nlibc6-x32 - 2.35-0ubuntu3.11\nlocales - 2.35-0ubuntu3.11\nlocales-all - 2.35-0ubuntu3.11\nnscd - 2.35-0ubuntu3.11\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8058 https://ubuntu.com/security/notices/USN-7760-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109803 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://ubuntu.com/security/CVE-2025-8058', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.11'}, '527035': {'id': '527035', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439426': {'id': '439426', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2502681': {'id': '2502681', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28835 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw has been discovered in GnuTLS where an application crash can beinduced when attempting to verify a specially crafted .pem bundle using the"certtool --verify-chain" command.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28835` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.5\nguile-gnutls - 3.7.3-4ubuntu1.5\nlibgnutls-dane0 - 3.7.3-4ubuntu1.5\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.5\nlibgnutls30 - 3.7.3-4ubuntu1.5\nlibgnutlsxx28 - 3.7.3-4ubuntu1.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28835 https://ubuntu.com/security/notices/USN-6733-1 https://ubuntu.com/security/notices/USN-6733-2 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://gitlab.com/gnutls/gnutls/-/issues/1525 https://gitlab.com/gnutls/gnutls/-/issues/1527 https://ubuntu.com/security/CVE-2024-28835', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.5'}, '664239': {'id': '664239', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2020-16156 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN 2.28 allows Signature Verification Bypass.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2020-16156` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.1\nperl - 5.34.0-3ubuntu1.1\nperl-base - 5.34.0-3ubuntu1.1\nperl-debug - 5.34.0-3ubuntu1.1\nperl-modules-5.34 - 5.34.0-3ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2020-16156 https://ubuntu.com/security/notices/USN-5689-1 https://ubuntu.com/security/notices/USN-5689-2 https://bugzilla.redhat.com/show_bug.cgi?id=2035273 https://ubuntu.com/security/CVE-2020-16156', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.1'}, '1667292': {'id': '1667292', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A timing based side channel exists in the OpenSSL RSA Decryptionimplementationwhich could be sufficient to recover a plaintext across a network in aBleichenbacher style attack. To achieve a successful decryption an attackerwould have to be able to send a very large number of trial messages fordecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,RSA-OEAP and RSASVE.For example, in a TLS connection, RSA is commonly used by a client to sendanencrypted pre-master secret to the server. An attacker that had observed agenuine connection between a client and a server could use this flaw tosendtrial messages to the server and record the time taken to process them.After asufficiently large number of messages the attacker could recover thepre-mastersecret used for the original connection and thus be able to decrypt theapplication data sent over that connection.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4304 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '1521540': {'id': '1521540', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3786 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overrun can be triggered in X.509 certificate verification,specifically in name constraint checking. Note that this occurs aftercertificate chain signature verification and requires either a CA to havesigned a malicious certificate or for an application to continuecertificate verification despite failure to construct a path to a trustedissuer. An attacker can craft a malicious email address in a certificate tooverflow an arbitrary number of bytes containing the `.' character (decimal46) on the stack. This buffer overflow could result in a crash (causing adenial of service). In a TLS client, this can be triggered by connecting toa malicious server. In a TLS server, this can be triggered if the serverrequests client authentication and a malicious client connects.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3786` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.7\nopenssl - 3.0.2-0ubuntu1.7\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3786 https://ubuntu.com/security/notices/USN-5710-1 https://ubuntu.com/security/CVE-2022-3786', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.7'}, '980539': {'id': '980539', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'e2fsprogs', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2120044': {'id': '2120044', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '2496802': {'id': '2496802', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1664817': {'id': '1664817', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-42898 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before1.20.1 has integer overflows that may lead to remote code execution (inKDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms(which have a resultant heap-based buffer overflow), and cause a denial ofservice on other platforms. This occurs in krb5_pac_parse inlib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-42898` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.1\nkrb5-gss-samples - 1.19.2-2ubuntu0.1\nkrb5-k5tls - 1.19.2-2ubuntu0.1\nkrb5-kdc - 1.19.2-2ubuntu0.1\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.1\nkrb5-kpropd - 1.19.2-2ubuntu0.1\nkrb5-locales - 1.19.2-2ubuntu0.1\nkrb5-multidev - 1.19.2-2ubuntu0.1\nkrb5-otp - 1.19.2-2ubuntu0.1\nkrb5-pkinit - 1.19.2-2ubuntu0.1\nkrb5-user - 1.19.2-2ubuntu0.1\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.1\nlibgssrpc4 - 1.19.2-2ubuntu0.1\nlibk5crypto3 - 1.19.2-2ubuntu0.1\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.1\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.1\nlibkdb5-10 - 1.19.2-2ubuntu0.1\nlibkrad0 - 1.19.2-2ubuntu0.1\nlibkrb5-3 - 1.19.2-2ubuntu0.1\nlibkrb5support0 - 1.19.2-2ubuntu0.1\nNo subscription required\n\nctdb - 2:4.15.13+dfsg-0ubuntu1\nlibnss-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibpam-winbind - 2:4.15.13+dfsg-0ubuntu1\nlibsmbclient - 2:4.15.13+dfsg-0ubuntu1\nlibwbclient0 - 2:4.15.13+dfsg-0ubuntu1\npython3-samba - 2:4.15.13+dfsg-0ubuntu1\nregistry-tools - 2:4.15.13+dfsg-0ubuntu1\nsamba - 2:4.15.13+dfsg-0ubuntu1\nsamba-common - 2:4.15.13+dfsg-0ubuntu1\nsamba-common-bin - 2:4.15.13+dfsg-0ubuntu1\nsamba-dsdb-modules - 2:4.15.13+dfsg-0ubuntu1\nsamba-libs - 2:4.15.13+dfsg-0ubuntu1\nsamba-testsuite - 2:4.15.13+dfsg-0ubuntu1\nsamba-vfs-modules - 2:4.15.13+dfsg-0ubuntu1\nsmbclient - 2:4.15.13+dfsg-0ubuntu1\nwinbind - 2:4.15.13+dfsg-0ubuntu1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-42898 https://ubuntu.com/security/notices/USN-5800-1 https://ubuntu.com/security/notices/USN-5822-1 https://ubuntu.com/security/notices/USN-5822-2 https://ubuntu.com/security/notices/USN-5828-1 https://ubuntu.com/security/notices/USN-5936-1 https://ubuntu.com/security/notices/USN-7582-1 https://bugzilla.samba.org/show_bug.cgi?id=15203 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267 https://ubuntu.com/security/CVE-2022-42898', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.1'}, '2855865': {'id': '2855865', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-9230 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Issue summary: An application trying to decrypt CMS messages encryptedusingpassword based encryption can trigger an out-of-bounds read and write.Impact summary: This out-of-bounds read may trigger a crash which leads toDenial of Service for an application. The out-of-bounds write can causea memory corruption which can have various consequences includinga Denial of Service or Execution of attacker-supplied code.Although the consequences of a successful exploit of this vulnerabilitycould be severe, the probability that the attacker would be able toperform it is low. Besides, password based (PWRI) encryption support in CMSmessages is very rarely used. For that reason the issue was assessed asModerate severity according to our Security Policy.The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected bythisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-9230` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.20\nopenssl - 3.0.2-0ubuntu1.20\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-9230 https://ubuntu.com/security/notices/USN-7786-1 https://ubuntu.com/security/CVE-2025-9230', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.20'}, '2428498': {'id': '2428498', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-12133 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw in libtasn1 causes inefficient handling of specific certificatedata. When processing a large number of elements in a certificate, libtasn1takes much longer than expected, which can slow down or even crash thesystem. This flaw allows an attacker to send a specially craftedcertificate, causing a denial of service attack.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-12133` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtasn1-6 - 4.18.0-4ubuntu0.1\nlibtasn1-bin - 4.18.0-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-12133 https://ubuntu.com/security/notices/USN-7275-1 https://ubuntu.com/security/notices/USN-7275-2 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://ubuntu.com/security/CVE-2024-12133', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtasn1-6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:4.18.0-4ubuntu0.1'}, '2121322': {'id': '2121322', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4039 on Ubuntu 22.04 LTS (jammy) - low', 'description': '**DISPUTED**A failure in the -fstack-protector feature in GCC-basedtoolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamically-sized local variables or those created usingalloca(). The stack-protector operates as intended for statically-sizedlocal variables.The default behavior when the stack-protectordetects an overflow is to terminate your application, resulting incontrolled loss of availability. An attacker who can exploit a bufferoverflow without triggering the stack-protector might be able to changeprogram flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC projectargues that this is a missed hardening bug and not a vulnerability byitself.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4039` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ncpp-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10 - 10.5.0-1ubuntu1~22.04.2\ng++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10 - 10.5.0-1ubuntu1~22.04.2\ngcc-10-base - 10.5.0-1ubuntu1~22.04.2\ngcc-10-hppa64-linux-gnu - 10.5.0-1ubuntu1~22.04.2\ngcc-10-locales - 10.5.0-1ubuntu1~22.04.2\ngcc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngcc-10-offload-nvptx - 10.5.0-1ubuntu1~22.04.2\ngcc-10-source - 10.5.0-1ubuntu1~22.04.2\ngcc-10-test-results - 10.5.0-1ubuntu1~22.04.2\ngccbrig-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10 - 10.5.0-1ubuntu1~22.04.2\ngccgo-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngdc-10 - 10.5.0-1ubuntu1~22.04.2\ngdc-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngfortran-10 - 10.5.0-1ubuntu1~22.04.2\ngfortran-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngm2-10 - 10.5.0-1ubuntu1~22.04.2\ngnat-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc++-10-multilib - 10.5.0-1ubuntu1~22.04.2\ngobjc-10 - 10.5.0-1ubuntu1~22.04.2\ngobjc-10-multilib - 10.5.0-1ubuntu1~22.04.2\nlib32go16 - 10.5.0-1ubuntu1~22.04.2\nlib32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlib64go16 - 10.5.0-1ubuntu1~22.04.2\nlib64gphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibgm2-15 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-10 - 10.5.0-1ubuntu1~22.04.2\nlibgnat-util10 - 10.5.0-1ubuntu1~22.04.2\nlibgo16 - 10.5.0-1ubuntu1~22.04.2\nlibgomp-plugin-hsa1 - 10.5.0-1ubuntu1~22.04.2\nlibgphobos1 - 10.5.0-1ubuntu1~22.04.2\nlibstdc++-10-pic - 10.5.0-1ubuntu1~22.04.2\nlibx32go16 - 10.5.0-1ubuntu1~22.04.2\nlibx32gphobos1 - 10.5.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11 - 11.4.0-1ubuntu1~22.04.2\ng++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11 - 11.4.0-1ubuntu1~22.04.2\ngcc-11-base - 11.4.0-1ubuntu1~22.04.2\ngcc-11-hppa64-linux-gnu - 11.4.0-1ubuntu1~22.04.2\ngcc-11-locales - 11.4.0-1ubuntu1~22.04.2\ngcc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-amdgcn - 11.4.0-1ubuntu1~22.04.2\ngcc-11-offload-nvptx - 11.4.0-1ubuntu1~22.04.2\ngcc-11-source - 11.4.0-1ubuntu1~22.04.2\ngcc-11-test-results - 11.4.0-1ubuntu1~22.04.2\ngccbrig-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11 - 11.4.0-1ubuntu1~22.04.2\ngccgo-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngdc-11 - 11.4.0-1ubuntu1~22.04.2\ngdc-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngfortran-11 - 11.4.0-1ubuntu1~22.04.2\ngfortran-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngm2-11 - 11.4.0-1ubuntu1~22.04.2\ngnat-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc++-11-multilib - 11.4.0-1ubuntu1~22.04.2\ngobjc-11 - 11.4.0-1ubuntu1~22.04.2\ngobjc-11-multilib - 11.4.0-1ubuntu1~22.04.2\nlib32asan6 - 11.4.0-1ubuntu1~22.04.2\nlib32go19 - 11.4.0-1ubuntu1~22.04.2\nlib32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlib64asan6 - 11.4.0-1ubuntu1~22.04.2\nlib64go19 - 11.4.0-1ubuntu1~22.04.2\nlib64gphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibasan6 - 11.4.0-1ubuntu1~22.04.2\nlibgnat-11 - 11.4.0-1ubuntu1~22.04.2\nlibgo19 - 11.4.0-1ubuntu1~22.04.2\nlibgphobos2 - 11.4.0-1ubuntu1~22.04.2\nlibhsail-rt0 - 11.4.0-1ubuntu1~22.04.2\nlibstdc++-11-pic - 11.4.0-1ubuntu1~22.04.2\nlibtsan0 - 11.4.0-1ubuntu1~22.04.2\nlibx32asan6 - 11.4.0-1ubuntu1~22.04.2\nlibx32go19 - 11.4.0-1ubuntu1~22.04.2\nlibx32gphobos2 - 11.4.0-1ubuntu1~22.04.2\nNo subscription required\n\ncpp-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12 - 12.3.0-1ubuntu1~22.04.2\ng++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12 - 12.3.0-1ubuntu1~22.04.2\ngcc-12-base - 12.3.0-1ubuntu1~22.04.2\ngcc-12-hppa64-linux-gnu - 12.3.0-1ubuntu1~22.04.2\ngcc-12-locales - 12.3.0-1ubuntu1~22.04.2\ngcc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-amdgcn - 12.3.0-1ubuntu1~22.04.2\ngcc-12-offload-nvptx - 12.3.0-1ubuntu1~22.04.2\ngcc-12-source - 12.3.0-1ubuntu1~22.04.2\ngcc-12-test-results - 12.3.0-1ubuntu1~22.04.2\ngccgo-12 - 12.3.0-1ubuntu1~22.04.2\ngccgo-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngdc-12 - 12.3.0-1ubuntu1~22.04.2\ngdc-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngfortran-12 - 12.3.0-1ubuntu1~22.04.2\ngfortran-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngm2-12 - 12.3.0-1ubuntu1~22.04.2\ngnat-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc++-12-multilib - 12.3.0-1ubuntu1~22.04.2\ngobjc-12 - 12.3.0-1ubuntu1~22.04.2\ngobjc-12-multilib - 12.3.0-1ubuntu1~22.04.2\nlib32asan8 - 12.3.0-1ubuntu1~22.04.2\nlib32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib32go21 - 12.3.0-1ubuntu1~22.04.2\nlib32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib32itm1 - 12.3.0-1ubuntu1~22.04.2\nlib32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlib32objc4 - 12.3.0-1ubuntu1~22.04.2\nlib32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlib64asan8 - 12.3.0-1ubuntu1~22.04.2\nlib64atomic1 - 12.3.0-1ubuntu1~22.04.2\nlib64gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlib64gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlib64go21 - 12.3.0-1ubuntu1~22.04.2\nlib64gomp1 - 12.3.0-1ubuntu1~22.04.2\nlib64gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlib64itm1 - 12.3.0-1ubuntu1~22.04.2\nlib64objc4 - 12.3.0-1ubuntu1~22.04.2\nlib64quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlib64stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlib64ubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibasan8 - 12.3.0-1ubuntu1~22.04.2\nlibatomic1 - 12.3.0-1ubuntu1~22.04.2\nlibcc1-0 - 12.3.0-1ubuntu1~22.04.2\nlibgcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibgccjit0 - 12.3.0-1ubuntu1~22.04.2\nlibgfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibgm2-17 - 12.3.0-1ubuntu1~22.04.2\nlibgnat-12 - 12.3.0-1ubuntu1~22.04.2\nlibgo21 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-amdgcn1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp-plugin-nvptx1 - 12.3.0-1ubuntu1~22.04.2\nlibgomp1 - 12.3.0-1ubuntu1~22.04.2\nlibgphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibhwasan0 - 12.3.0-1ubuntu1~22.04.2\nlibitm1 - 12.3.0-1ubuntu1~22.04.2\nliblsan0 - 12.3.0-1ubuntu1~22.04.2\nlibobjc4 - 12.3.0-1ubuntu1~22.04.2\nlibquadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibstdc++-12-pic - 12.3.0-1ubuntu1~22.04.2\nlibstdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibtsan2 - 12.3.0-1ubuntu1~22.04.2\nlibubsan1 - 12.3.0-1ubuntu1~22.04.2\nlibx32asan8 - 12.3.0-1ubuntu1~22.04.2\nlibx32atomic1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gcc-s1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gfortran5 - 12.3.0-1ubuntu1~22.04.2\nlibx32go21 - 12.3.0-1ubuntu1~22.04.2\nlibx32gomp1 - 12.3.0-1ubuntu1~22.04.2\nlibx32gphobos3 - 12.3.0-1ubuntu1~22.04.2\nlibx32itm1 - 12.3.0-1ubuntu1~22.04.2\nlibx32lsan0 - 12.3.0-1ubuntu1~22.04.2\nlibx32objc4 - 12.3.0-1ubuntu1~22.04.2\nlibx32quadmath0 - 12.3.0-1ubuntu1~22.04.2\nlibx32stdc++6 - 12.3.0-1ubuntu1~22.04.2\nlibx32ubsan1 - 12.3.0-1ubuntu1~22.04.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4039 https://ubuntu.com/security/notices/USN-7700-1 https://ubuntu.com/security/CVE-2023-4039', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:12.3.0-1ubuntu1~22.04.2'}, '1148428': {'id': '1148428', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgcc-s1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2221340': {'id': '2221340', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4911 on Ubuntu 22.04 LTS (jammy) - high', 'description': "A buffer overflow was discovered in the GNU C Library's dynamic loaderld.so while processing the GLIBC_TUNABLES environment variable. This issuecould allow a local attacker to use maliciously crafted GLIBC_TUNABLESenvironment variables when launching binaries with SUID permission toexecute code with elevated privileges.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4911` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.4\nlibc-bin - 2.35-0ubuntu3.4\nlibc6 - 2.35-0ubuntu3.4\nlibc6-amd64 - 2.35-0ubuntu3.4\nlibc6-i386 - 2.35-0ubuntu3.4\nlibc6-prof - 2.35-0ubuntu3.4\nlibc6-s390 - 2.35-0ubuntu3.4\nlibc6-x32 - 2.35-0ubuntu3.4\nlocales - 2.35-0ubuntu3.4\nlocales-all - 2.35-0ubuntu3.4\nnscd - 2.35-0ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4911 https://ubuntu.com/security/notices/USN-6409-1 https://ubuntu.com/security/CVE-2023-4911', 'severity': '', 'normalized_severity': 'High', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.4'}, '980580': {'id': '980580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'logsave', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2837981': {'id': '2837981', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2836550': {'id': '2836550', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2418382': {'id': '2418382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2837871': {'id': '2837871', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6141 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 andclassified as problematic. This vulnerability affects the functionpostprocess_termcap of the file tinfo/parse_entry.c. The manipulation leadsto stack-based buffer overflow. The attack needs to be approached locally.Upgrading to version 6.5-20250329 is able to address this issue. It isrecommended to upgrade the affected component.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6141 https://ubuntu.com/security/CVE-2025-6141', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libncurses6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2754142': {'id': '2754142', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-27587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to aMinerva attack, exploitable by measuring the time of signing of randommessages using the EVP_DigestSign API, and then using the private key toextract the K value (nonce) from the signatures. Next, based on the bitsize of the extracted nonce, one can compare the signing time of full-sizednonces to signatures that used smaller nonces, via statistical tests. Thereis a side-channel in the P-364 curve that allows private key extraction(also, there is a dependency between the bit size of K and the size of theside channel). NOTE: This CVE is disputed because the OpenSSL securitypolicy explicitly notes that any side channels which require same physicalsystem to be detected are outside of the threat model for the software. Thetiming signal is so small that it is infeasible to be detected withouthaving the attacking process running on the same physical system.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-27587 https://github.com/openssl/openssl/issues/24253 https://ubuntu.com/security/CVE-2025-27587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2639770': {'id': '2639770', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-9143 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Use of the low-level GF(2^m) elliptic curve APIs withuntrustedexplicit values for the field polynomial can lead to out-of-bounds memoryreadsor writes.Impact summary: Out of bound memory writes can lead to an application crashoreven a possibility of a remote code execution, however, in all theprotocolsinvolving Elliptic Curve Cryptography that we\'re aware of, either only"namedcurves" are supported, or, if explicit curve parameters are supported, theyspecify an X9.62 encoding of binary (GF(2^m)) curves that can\'t representproblematic input values. Thus the likelihood of existence of a vulnerableapplication is low.In particular, the X9.62 encoding is used for ECC keys in X.509certificates,so problematic inputs cannot occur in the context of processing X.509certificates. Any problematic use-cases would have to be using an "exotic"curve encoding.The affected APIs include: EC_GROUP_new_curve_GF2m(),EC_GROUP_new_from_params(),and various supporting BN_GF2m_*() functions.Applications working with "exotic" explicit binary (GF(2^m)) curveparameters,that make it possible to represent invalid field polynomials with a zeroconstant term, via the above or similar APIs, may terminate abruptly as aresult of reading or writing outside of array bounds. Remote codeexecutioncannot easily be ruled out.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-9143` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.19\nopenssl - 3.0.2-0ubuntu1.19\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-9143 https://ubuntu.com/security/notices/USN-7264-1 https://ubuntu.com/security/notices/USN-7278-1 https://ubuntu.com/security/CVE-2024-9143', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.19'}, '2796861': {'id': '2796861', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-4802 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU CLibrary version 2.27 to 2.38 allows attacker controlled loading ofdynamically shared library in statically compiled setuid binaries that calldlopen (including internal dlopen calls after setlocale or calls to NSSfunctions such as getaddrinfo).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-4802` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.10\nlibc-bin - 2.35-0ubuntu3.10\nlibc6 - 2.35-0ubuntu3.10\nlibc6-amd64 - 2.35-0ubuntu3.10\nlibc6-i386 - 2.35-0ubuntu3.10\nlibc6-prof - 2.35-0ubuntu3.10\nlibc6-s390 - 2.35-0ubuntu3.10\nlibc6-x32 - 2.35-0ubuntu3.10\nlocales - 2.35-0ubuntu3.10\nlocales-all - 2.35-0ubuntu3.10\nnscd - 2.35-0ubuntu3.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-4802 https://ubuntu.com/security/notices/USN-7541-1 https://ubuntu.com/security/CVE-2025-4802', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.10'}, '2217297': {'id': '2217297', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4806 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an extremely rare situation, thegetaddrinfo function may access memory that has been freed, resulting in anapplication crash. This issue is only exploitable when a NSS moduleimplements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hookswithout implementing the _nss_*_gethostbyname3_r hook. The resolved nameshould return a large number of IPv6 and IPv4, and the call to thegetaddrinfo function should have the AF_INET6 address family withAI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4806` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4806 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=30843 https://ubuntu.com/security/CVE-2023-4806', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '982616': {'id': '982616', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1586 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.This involves a unicode property matching issue in JIT-compiled regularexpressions. The issue occurs because the character was not fully read incase-less matching within JIT.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1586` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1586 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1586', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2418401': {'id': '2418401', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-10041 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in PAM. The secret information is stored inmemory, where the attacker can trigger the victim program to execute bysending characters to its standard input (stdin). As this occurs, theattacker can train the branch predictor to execute an ROP chainspeculatively. This flaw could result in leaked passwords, such as thosefound in /etc/shadow while performing authentications.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://github.com/linux-pam/linux-pam/issues/846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086038 https://ubuntu.com/security/CVE-2024-10041', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1672464': {'id': '1672464', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4415 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in systemd. This security flaw can cause a localinformation leak due to systemd-coredump not respecting thefs.suid_dumpable kernel setting.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4415` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4415 https://ubuntu.com/security/notices/USN-5928-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026831 https://ubuntu.com/security/CVE-2022-4415', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22 gunicorn-web stdout | .04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2542506': {'id': '2542506', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1257892': {'id': '1257892', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-28321 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': "The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allowsauthentication bypass for SSH logins. The pam_access.so module doesn'tcorrectly restrict login if a user tries to connect from an IP address thatis not resolvable via DNS. In such conditions, a user with denied access toa machine can still get access. NOTE: the relevance of this issue islargely limited to openSUSE Tumbleweed and openSUSE Factory; it does notaffect Linux-PAM upstream.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-28321` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.1\nlibpam-modules - 1.4.0-11ubuntu2.1\nlibpam-modules-bin - 1.4.0-11ubuntu2.1\nlibpam-runtime - 1.4.0-11ubuntu2.1\nlibpam0g - 1.4.0-11ubuntu2.1\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-28321 https://ubuntu.com/security/notices/USN-5825-1 https://ubuntu.com/security/notices/USN-5825-2 https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://ubuntu.com/security/CVE-2022-28321', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.1'}, '2642013': {'id': '2642013', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-0395 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'When the assert() function in the GNU C Library versions 2.13 to 2.40fails, it does not allocate enough space for the assertion failure messagestring and size information, which may lead to a buffer overflow if themessage string size aligns to page size.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-0395` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.9\nlibc-bin - 2.35-0ubuntu3.9\nlibc6 - 2.35-0ubuntu3.9\nlibc6-amd64 - 2.35-0ubuntu3.9\nlibc6-i386 - 2.35-0ubuntu3.9\nlibc6-prof - 2.35-0ubuntu3.9\nlibc6-s390 - 2.35-0ubuntu3.9\nlibc6-x32 - 2.35-0ubuntu3.9\nlocales - 2.35-0ubuntu3.9\nlocales-all - 2.35-0ubuntu3.9\nnscd - 2.35-0ubuntu3.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-0395 https://ubuntu.com/security/notices/USN-7259-1 https://ubuntu.com/security/notices/USN-7259-2 https://ubuntu.com/security/notices/USN-7259-3 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://ubuntu.com/security/CVE-2025-0395', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.9'}, '2530776': {'id': '2530776', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33601 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: netgroup cache may terminate daemon on memory allocation failureThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc orxrealloc and these functions may terminate the process due to a memoryallocation failure resulting in a denial of service to the clients. Theflaw was introduced in glibc 2.15 when the cache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33601` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33601 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31679 https://ubuntu.com/security/CVE-2024-33601', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2228820': {'id': '2228820', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'ncurses-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1357966': {'id': '1357966', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3219 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'GnuPG can be made to spin on a relatively small input by (for example)crafting a public key with thousands of signatures attached, compresseddown to just a few KB.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3219 https://dev.gnupg.org/T5993 https://ubuntu.com/security/CVE-2022-3219', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gpgv', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '439420': {'id': '439420', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2013-4235 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow: TOCTOU (time-of-check time-of-use) race condition when copying andremoving directory trees\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2013-4235` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.1\npasswd - 1:4.8.1-2ubuntu2.1\nuidmap - 1:4.8.1-2ubuntu2.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2013-4235 https://ubuntu.com/security/notices/USN-5745-1 https://ubuntu.com/security/notices/USN-5745-2 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1998169 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 https://bugzilla.redhat.com/show_bug.cgi?id=884658 https://ubuntu.com/security/CVE-2013-4235', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.1'}, '2228805': {'id': '2228805', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-50495 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'NCurse v6.4-20230418 was discovered to contain a segmentation fault via thecomponent _nc_wrap_entry().', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-50495 https://ubuntu.com/security/notices/USN-6684-1 https://ubuntu.com/security/CVE-2023-50495', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libtinfo6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2416393': {'id': '2416393', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0727 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Processing a maliciously formatted PKCS12 file may leadOpenSSLto crash leading to a potential Denial of Service attackImpact summary: Applications loading files in the PKCS12 format fromuntrustedsources might terminate abruptly.A file in PKCS12 format can contain certificates and keys and may come fromanuntrusted source. The PKCS12 specification allows certain fields to beNULL, butOpenSSL does not correctly check for this case. This can lead to a NULLpointerdereference that results in OpenSSL crashing. If an application processesPKCS12files from an untrusted source using the OpenSSL APIs then that applicationwillbe vulnerable to this issue.OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(),PKCS12_unpack_authsafes()and PKCS12_newpass().We have also fixed a similar issue in SMIME_write_PKCS7(). However sincethisfunction is related to writing data we do not consider it securitysignificant.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0727` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0727 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/notices/USN-6632-1 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2024-0727', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '1673639': {'id': '1673639', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4450 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The function PEM_read_bio_ex() reads a PEM file from a BIO and parses anddecodes the "name" (e.g. "CERTIFICATE"), any header data and the payloaddata.If the function succeeds then the "name_out", "header" and "data" argumentsarepopulated with pointers to buffers containing the relevant decoded data.Thecaller is responsible for freeing those buffers. It is possible toconstruct aPEM file that results in 0 bytes of payload data. In this casePEM_read_bio_ex()will return a failure code but will populate the header argument with apointerto a buffer that has already been freed. If the caller also frees thisbufferthen a double free will occur. This will most likely lead to a crash. Thiscould be exploited by an attacker who has the ability to supply maliciousPEMfiles for parsing to achieve a denial of service attack.The functions PEM_read_bio() and PEM_read() are simple wrappers aroundPEM_read_bio_ex() and therefore these functions are also directly affected.These functions are also called indirectly by a number of other OpenSSLfunctions including PEM_X509_INFO_read_bio_ex() andSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSLinternaluses of these functions are not vulnerable because the caller does not freetheheader argument if PEM_read_bio_ex() returns a failure code. Theselocationsinclude the PEM_read_bio_TYPE() functions as well as the decodersintroduced inOpenSSL 3.0.The OpenSSL asn1parse command line application is also impacted by thisissue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-4450` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4450 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2022-4450', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2542493': {'id': '2542493', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37370 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify theplaintext Extra Count field of a confidential GSS krb5 wrap token, causingthe unwrapped token to appear truncated to the application.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37370` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37370 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37370', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '2609409': {'id': '2609409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56433 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default/etc/subuid behavior (e.g., uid 100000 through 165535 for the first useraccount) that can realistically conflict with the uids of users defined onlocally administered networks, potentially leading to account takeover,e.g., by leveraging newuidmap for access to an NFS home directory (orsame-host resources in the case of remote logins by these local networkusers). NOTE: it may also be argued that system administrators should nothave assigned uids, within local networks, that are within the range thatcan occur in /etc/subuid.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56433 https://github.com/shadow-maint/shadow/issues/1157 https://ubuntu.com/security/CVE-2024-56433', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1518586': {'id': '1518586', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-37434 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow ininflate in inflate.c via a large gzip header extra field. NOTE: onlyapplications that call inflateGetHeader are affected. Some commonapplications bundle the affected zlib source code but may be unable to callinflateGetHeader (e.g., see the nodejs/node reference).\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-37434` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlib32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlib64z1 - 1:1.2.11.dfsg-2ubuntu9.2\nlibx32z1 - 1:1.2.11.dfsg-2ubuntu9.2\nzlib1g - 1:1.2.11.dfsg-2ubuntu9.2\nNo subscription required\n\nklibc-utils - 2.0.10-4ubuntu0.1\nlibklibc - 2.0.10-4ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-37434 https://ubuntu.com/security/notices/USN-5570-1 https://ubuntu.com/security/notices/USN-5573-1 https://ubuntu.com/security/notices/USN-5570-2 https://ubuntu.com/security/notices/USN-6736-1 https://ubuntu.com/security/notices/USN-6736-2 https://ubuntu.com/security/CVE-2022-37434', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'zlib1g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:1.2.11.dfsg-2ubuntu9.2'}, '527080': {'id': '527080', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1992780': {'id': '1992780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-2650 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Processing some specially crafted ASN.1 object identifiersordata containing them may be very slow.Impact summary: Applications that use OBJ_obj2txt() directly, or use any ofthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with nomessagesize limit may experience notable to very long delays when processing thosemessages, which may lead to a Denial of Service.An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -most of which have no size limit. OBJ_obj2txt() may be used to translatean ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSLtype ASN1_OBJECT) to its canonical numeric text form, which are thesub-identifiers of the OBJECT IDENTIFIER in decimal form, separated byperiods.When one of the sub-identifiers in the OBJECT IDENTIFIER is very large(these are sizes that are seen as absurdly large, taking up tens orhundredsof KiBs), the translation to a decimal number in text may take a very longtime. The time complexity is O(n^2) with 'n' being the size of thesub-identifiers in bytes (*).With OpenSSL 3.0, support to fetch cryptographic algorithms using names /identifiers in string form was introduced. This includes using OBJECTIDENTIFIERs in canonical numeric text form as identifiers for fetchingalgorithms.Such OBJECT IDENTIFIERs may be received through the ASN.1 structureAlgorithmIdentifier, which is commonly used in multiple protocols tospecifywhat cryptographic algorithm should be used to sign or verify, encrypt ordecrypt, or digest passed data.Applications that call OBJ_obj2txt() directly with untrusted data areaffected, with any version of OpenSSL. If the use is for the mere purposeof display, the severity is considered low.In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,CMS, CMP/CRMF or TS. It also impacts anything that processes X.509certificates, including simple things like verifying its signature.The impact on TLS is relatively low, because all versions of OpenSSL have a100KiB limit on the peer's certificate chain. Additionally, this onlyimpacts clients, or servers that have explicitly enabled clientauthentication.In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,such as X.509 certificates. This is assumed to not happen in such a waythat it would cause a Denial of Service, so these versions are considerednot affected by this issue in such a way that it would be cause forconcern,and the severity is therefore considered low.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-2650` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.4\nnodejs - 12.22.9~dfsg-1ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-2650 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/notices/USN-6188-1 https://ubuntu.com/security/notices/USN-6672-1 https://ubuntu.com/security/CVE-2023-2650', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '2530610': {'id': '2530610', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2507562': {'id': '2507562', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2961 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'The iconv() function in the GNU C Library versions 2.39 and older mayoverflow the output buffer passed to it by up to 4 bytes when convertingstrings to the ISO-2022-CN-EXT character set, which may be used to crash anapplication or overwrite a neighbouring variable.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2961` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.7\nlibc-bin - 2.35-0ubuntu3.7\nlibc6 - 2.35-0ubuntu3.7\nlibc6-amd64 - 2.35-0ubuntu3.7\nlibc6-i386 - 2.35-0ubuntu3.7\nlibc6-prof - 2.35-0ubuntu3.7\nlibc6-s390 - 2.35-0ubuntu3.7\nlibc6-x32 - 2.35-0ubuntu3.7\nlocales - 2.35-0ubuntu3.7\nlocales-all - 2.35-0ubuntu3.7\nnscd - 2.35-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2961 https://ubuntu.com/security/notices/USN-6737-1 https://ubuntu.com/security/notices/USN-6737-2 https://ubuntu.com/security/notices/USN-6762-1 https://ubuntu.com/security/CVE-2024-2961', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.7'}, '1097815': {'id': '1097815', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-2509 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability found in gnutls. This security flaw happens because of adouble free error occurs during verification of pkcs7 signatures ingnutls_pkcs7_verify function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-2509` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.1\nguile-gnutls - 3.7.3-4ubuntu1.1\nlibgnutls-dane0 - 3.7.3-4ubuntu1.1\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.1\nlibgnutls30 - 3.7.3-4ubuntu1.1\nlibgnutlsxx28 - 3.7.3-4ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-2509 https://ubuntu.com/security/notices/USN-5550-1 https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) https://ubuntu.com/security/CVE-2022-2509', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.1'}, '2748132': {'id': '2748132', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1899134': {'id': '1899134', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0401 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0401` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required\n\nlibnode72 - 12.22.9~dfsg-1ubuntu3.3\nnodejs - 12.22.9~dfsg-1ubuntu3.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0401 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/notices/USN-6564-1 https://ubuntu.com/security/CVE-2023-0401', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '2217409': {'id': '2217409', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4813 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw has been identified in glibc. In an uncommon situation, thegaih_inet function may use memory that has been freed, resulting in anapplication crash. This issue is only exploitable when the getaddrinfofunction is called and the hosts database in /etc/nsswitch.conf isconfigured with SUCCESS=continue or SUCCESS=merge.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4813` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.5\nlibc-bin - 2.35-0ubuntu3.5\nlibc6 - 2.35-0ubuntu3.5\nlibc6-amd64 - 2.35-0ubuntu3.5\nlibc6-i386 - 2.35-0ubuntu3.5\nlibc6-prof - 2.35-0ubuntu3.5\nlibc6-s390 - 2.35-0ubuntu3.5\nlibc6-x32 - 2.35-0ubuntu3.5\nlocales - 2.35-0ubuntu3.5\nlocales-all - 2.35-0ubuntu3.5\nnscd - 2.35-0ubuntu3.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4813 https://ubuntu.com/security/notices/USN-6541-1 https://ubuntu.com/security/notices/USN-6541-2 https://sourceware.org/bugzilla/show_bug.cgi?id=28931 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://ubuntu.com/security/CVE-2023-4813', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libc6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.5'}, '2084535': {'id': '2084535', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '1146399': {'id': '1146399', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'gcc-12-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1899957': {'id': '1899957', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0464 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A security vulnerability has been identified in all supported versionsof OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.Policy processing is disabled by default but can be enabled by passingthe `-policy' argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0464` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0464 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0464', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1898249': {'id': '1898249', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0216 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An invalid pointer dereference on read can be triggered when anapplication tries to load malformed PKCS7 data with thed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.The result of the dereference is an application crash which couldlead to a denial of service attack. The TLS implementation in OpenSSLdoes not call this function however third party applications mightcall these functions on untrusted data.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0216` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.8\nopenssl - 3.0.2-0ubuntu1.8\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0216 https://ubuntu.com/security/notices/USN-5844-1 https://ubuntu.com/security/CVE-2023-0216', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.8'}, '960172': {'id': '960172', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2021-46828 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In libtirpc before 1.3.3rc1, remote attackers could exhaust the filedescriptors of a process that uses libtirpc because idle TCP connectionsare mishandled. This can, in turn, lead to an svc_run infinite loop withoutaccepting new connections.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2021-46828` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibtirpc-common - 1.3.2-2ubuntu0.1\nlibtirpc3 - 1.3.2-2ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2021-46828 https://ubuntu.com/security/notices/USN-5538-1 https://ubuntu.com/security/CVE-2021-46828', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libtirpc3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.3.2-2ubuntu0.1'}, '2416341': {'id': '2416341', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-0553 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability was found in GnuTLS. The response times to malformedciphertexts in RSA-PSK ClientKeyExchange differ from the response times ofciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remoteattacker to perform a timing side-channel attack in the RSA-PSK keyexchange, potentially leading to the leakage of sensitive data.CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-0553` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ngnutls-bin - 3.7.3-4ubuntu1.4\nguile-gnutls - 3.7.3-4ubuntu1.4\nlibgnutls-dane0 - 3.7.3-4ubuntu1.4\nlibgnutls-openssl27 - 3.7.3-4ubuntu1.4\nlibgnutls30 - 3.7.3-4ubuntu1.4\nlibgnutlsxx28 - 3.7.3-4ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-0553 https://ubuntu.com/security/notices/USN-6593-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://ubuntu.com/security/CVE-2024-0553', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgnutls30', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.7.3-4ubuntu1.4'}, '2836780': {'id': '2836780', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-6020 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The module pam_namespace may use accessuser-controlled paths without proper protection, allowing local users toelevate their privileges to root via multiple symlink attacks and raceconditions.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-6020` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.6\nlibpam-modules - 1.4.0-11ubuntu2.6\nlibpam-modules-bin - 1.4.0-11ubuntu2.6\nlibpam-runtime - 1.4.0-11ubuntu2.6\nlibpam0g - 1.4.0-11ubuntu2.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-6020 https://ubuntu.com/security/notices/USN-7580-1 https://ubuntu.com/security/CVE-2025-6020', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.6'}, '2259833': {'id': '2259833', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-7008 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in systemd-resolved. This issue may allowsystemd-resolved to accept records of DNSSEC-signed domains even when theyhave no signature, allowing man-in-the-middles (or the upstream DNSresolver) to manipulate records.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://github.com/systemd/systemd/issues/15158 (older) https://github.com/systemd/systemd/issues/25676 (newer) https://ubuntu.com/security/CVE-2023-7008', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980564': {'id': '980564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libext2fs2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2748164': {'id': '2748164', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2530602': {'id': '2530602', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-33600 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "nscd: Null pointer crashes after notfound responseIf the Name Service Cache Daemon's (nscd) cache fails to add a not-foundnetgroup response to the cache, the client request can result in a nullpointer dereference. This flaw was introduced in glibc 2.15 when thecache was added to nscd.This vulnerability is only present in the nscd binary.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-33600` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nglibc-source - 2.35-0ubuntu3.8\nlibc-bin - 2.35-0ubuntu3.8\nlibc6 - 2.35-0ubuntu3.8\nlibc6-amd64 - 2.35-0ubuntu3.8\nlibc6-i386 - 2.35-0ubuntu3.8\nlibc6-prof - 2.35-0ubuntu3.8\nlibc6-s390 - 2.35-0ubuntu3.8\nlibc6-x32 - 2.35-0ubuntu3.8\nlocales - 2.35-0ubuntu3.8\nlocales-all - 2.35-0ubuntu3.8\nnscd - 2.35-0ubuntu3.8\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-33600 https://ubuntu.com/security/notices/USN-6804-1 https://sourceware.org/bugzilla/show_bug.cgi?id=31678 https://ubuntu.com/security/CVE-2024-33600', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libc-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.35-0ubuntu3.8'}, '2485520': {'id': '2485520', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-modules-bin', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2496750': {'id': '2496750', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26461 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in/krb5/src/lib/gssapi/krb5/k5sealv3.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26461` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26461 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26461', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2005452': {'id': '2005452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-29383 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'In Shadow 4.13, it is possible to inject control characters into fieldsprovided to the SUID program chfn (change finger). Although it is notpossible to exploit this directly (e.g., adding a new user fails because \\nis in the block list), it is possible to misrepresent the /etc/passwd filewhen viewed. Use of \\r manipulations and Unicode characters to work aroundblocking of the : character make it possible to give the impression that anew user has been added. In other words, an adversary may be able toconvince a system administrator to take the system offline (an indirect,social-engineered denial of service) by demonstrating that "cat/etc/passwd" shows a rogue user account.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-29383 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034482 https://ubuntu.com/security/CVE-2023-29383', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'passwd', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '980557': {'id': '980557', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1304 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.This issue leads to a segmentation fault and possibly arbitrary codeexecution via a specially crafted filesystem.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1304` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\ne2fsck-static - 1.46.5-2ubuntu1.1\ne2fsprogs - 1.46.5-2ubuntu1.1\ne2fsprogs-l10n - 1.46.5-2ubuntu1.1\nfuse2fs - 1.46.5-2ubuntu1.1\nlibcom-err2 - 1.46.5-2ubuntu1.1\nlibext2fs2 - 1.46.5-2ubuntu1.1\nlibss2 - 1.46.5-2ubuntu1.1\nlogsave - 1.46.5-2ubuntu1.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1304 https://ubuntu.com/security/notices/USN-5464-1 https://bugzilla.redhat.com/show_bug.cgi?id=2069726 https://bugzilla.redhat.com/show_bug.cgi?id=2068113 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010263 https://ubuntu.com/security/CVE-2022-1304', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libcom-err2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.46.5-2ubuntu1.1'}, '2499866': {'id': '2499866', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libuuid1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:2.37.2-4ubuntu3.4'}, '2542760': {'id': '2542760', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-37371 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalidmemory reads during GSS message token handling by sending message tokenswith invalid length fields.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-37371` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.4\nkrb5-gss-samples - 1.19.2-2ubuntu0.4\nkrb5-k5tls - 1.19.2-2ubuntu0.4\nkrb5-kdc - 1.19.2-2ubuntu0.4\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.4\nkrb5-kpropd - 1.19.2-2ubuntu0.4\nkrb5-locales - 1.19.2-2ubuntu0.4\nkrb5-multidev - 1.19.2-2ubuntu0.4\nkrb5-otp - 1.19.2-2ubuntu0.4\nkrb5-pkinit - 1.19.2-2ubuntu0.4\nkrb5-user - 1.19.2-2ubuntu0.4\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.4\nlibgssrpc4 - 1.19.2-2ubuntu0.4\nlibk5crypto3 - 1.19.2-2ubuntu0.4\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.4\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.4\nlibkdb5-10 - 1.19.2-2ubuntu0.4\nlibkrad0 - 1.19.2-2ubuntu0.4\nlibkrb5-3 - 1.19.2-2ubuntu0.4\nlibkrb5support0 - 1.19.2-2ubuntu0.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-37371 https://ubuntu.com/security/notices/USN-6947-1 https://ubuntu.com/security/CVE-2024-37371', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5-3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.4'}, '1523087': {'id': '1523087', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libsystemd0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}, '2854580': {'id': '2854580', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-8941 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A flaw was found in linux-pam. The pam_namespace module may improperlyhandle user-controlled paths, allowing local users to exploit symlinkattacks and race conditions to elevate their privileges to root. This CVEprovides a "complete" fix for CVE-2025-6020.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://ubuntu.com/security/CVE-2025-8941', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam-runtime', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2618564': {'id': '2618564', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-6119 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "Issue summary: Applications performing certificate name checks (e.g., TLSclients checking server certificates) may attempt to read an invalid memoryaddress resulting in abnormal termination of the application process.Impact summary: Abnormal termination of an application can a cause a denialofservice.Applications performing certificate name checks (e.g., TLS clients checkingserver certificates) may attempt to read an invalid memory address whencomparing the expected name with an `otherName` subject alternative name ofanX.509 certificate. This may result in an exception that terminates theapplication program.Note that basic certificate chain validation (signatures, dates, ...) isnotaffected, the denial of service can occur only when the application alsospecifies an expected DNS name, Email address or IP address.TLS servers rarely solicit client certificates, and even when they do, theygenerally don't perform a name check against a reference identifier(expectedidentity), but rather extract the presented identity after checking thecertificate chain. So TLS servers are generally not affected and theseverityof the issue is Moderate.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-6119` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.18\nopenssl - 3.0.2-0ubuntu1.18\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'http gunicorn-web stdout | s://www.cve.org/CVERecord?id=CVE-2024-6119 https://ubuntu.com/security/notices/USN-6986-1 https://ubuntu.com/security/CVE-2024-6119', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.18'}, '2493064': {'id': '2493064', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-2511 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: Some non-default TLS server configurations can causeunboundedmemory growth when processing TLSv1.3 sessionsImpact summary: An attacker may exploit certain server configurations totriggerunbounded memory growth that would lead to a Denial of ServiceThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKEToption isbeing used (but not if early_data support is also configured and thedefaultanti-replay protection is in use). In this case, under certain conditions,thesession cache can get into an incorrect state and it will fail to flushproperlyas it fills. The session cache will continue to grow in an unboundedmanner. Amalicious client could deliberately create the scenario for this failure toforce a Denial of Service. It may also happen by accident in normaloperation.This issue only affects TLS servers supporting TLSv1.3. It does not affectTLSclients.The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.OpenSSL1.0.2 is also not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-2511` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.17\nopenssl - 3.0.2-0ubuntu1.17\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-2511 https://ubuntu.com/security/notices/USN-6937-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068658 https://ubuntu.com/security/CVE-2024-2511', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.17'}, '2254470': {'id': '2254470', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-6237 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long invalid RSA public keys may takea long time.Impact summary: Applications that use the function EVP_PKEY_public_check()to check RSA public keys may experience long delays. Where the key thatis being checked has been obtained from an untrusted source this may leadto a Denial of Service.When function EVP_PKEY_public_check() is called on RSA public keys,a computation is done to confirm that the RSA modulus, n, is composite.For valid RSA keys, n is a product of two or more large primes and thiscomputation completes quickly. However, if n is an overly large prime,then this computation would take a long time.An application that calls EVP_PKEY_public_check() and supplies an RSA keyobtained from an untrusted source could be vulnerable to a Denial ofServiceattack.The function EVP_PKEY_public_check() is not called from other OpenSSLfunctions however it is called from the OpenSSL pkey command lineapplication. For that reason that application is also vulnerable if usedwith the '-pubin' and '-check' options on untrusted data.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-6237` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.14\nopenssl - 3.0.2-0ubuntu1.14\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-6237 https://ubuntu.com/security/notices/USN-6622-1 https://ubuntu.com/security/CVE-2023-6237', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.14'}, '2206787': {'id': '2206787', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-4641 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A flaw was found in shadow-utils. When asking for a new password,shadow-utils asks the password twice. If the password fails on the secondattempt, shadow-utils fails in cleaning the buffer used to store the firstentry. This may allow an attacker with enough access to retrieve thepassword from the memory.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-4641` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlogin - 1:4.8.1-2ubuntu2.2\npasswd - 1:4.8.1-2ubuntu2.2\nuidmap - 1:4.8.1-2ubuntu2.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-4641 https://ubuntu.com/security/notices/USN-6640-1 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051062 https://ubuntu.com/security/CVE-2023-4641', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'login', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:4.8.1-2ubuntu2.2'}, '2496629': {'id': '2496629', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2499906': {'id': '2499906', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-28085 on Ubuntu 22.04 LTS (jammy) - medium', 'description': "wall in util-linux through 2.40, often installed with setgid ttypermissions, allows escape sequences to be sent to other users' terminalsthrough argv. (Specifically, escape sequences received from stdin areblocked, but escape sequences received from argv are not blocked.) Theremay be plausible scenarios where this leads to account takeover.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-28085` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nbsdextrautils - 2.37.2-4ubuntu3.4\neject - 2.37.2-4ubuntu3.4\nfdisk - 2.37.2-4ubuntu3.4\nlibblkid1 - 2.37.2-4ubuntu3.4\nlibfdisk1 - 2.37.2-4ubuntu3.4\nlibmount1 - 2.37.2-4ubuntu3.4\nlibsmartcols1 - 2.37.2-4ubuntu3.4\nlibuuid1 - 2.37.2-4ubuntu3.4\nmount - 2.37.2-4ubuntu3.4\nrfkill - 2.37.2-4ubuntu3.4\nutil-linux - 2.37.2-4ubuntu3.4\nutil-linux-locales - 2.37.2-4ubuntu3.4\nuuid-runtime - 2.37.2-4ubuntu3.4\nbsdutils - 1:2.37.2-4ubuntu3.4\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-28085 https://ubuntu.com/security/notices/USN-6719-1 https://ubuntu.com/security/notices/USN-6719-2 https://ubuntu.com/security/CVE-2024-28085', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'bsdutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '1:2.37.2-4ubuntu3.4'}, '2213179': {'id': '2213179', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-47039 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'A vulnerability was found in Perl. This security issue occurs while Perlfor Windows relies on the system path environment variable to find theshell (`cmd.exe`). When running an executable that uses the Windows Perlinterpreter, Perl attempts to find and execute `cmd.exe` within theoperating system. However, due to path search order issues, Perl initiallylooks for cmd.exe in the current working directory. This flaw allows anattacker with limited privileges to place`cmd.exe` in locations with weakpermissions, such as `C:\\ProgramData`. By doing so, arbitrary code can beexecuted when an administrator attempts to use this executable from thesecompromised locations.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-47039 https://ubuntu.com/security/CVE-2023-47039', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '1900229': {'id': '1900229', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-0466 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate verification.As suddenly enabling the policy check could break existing deployments itwasdecided to keep the existing behavior of theX509_VERIFY_PARAM_add0_policy()function.Instead the applications that require OpenSSL to perform certificatepolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitlyenable the policy check by calling X509_VERIFY_PARAM_set_flags() withthe X509_V_FLAG_POLICY_CHECK flag argument.Certificate policy checks are disabled by default in OpenSSL and are notcommonly used by applications.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-0466` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.9\nopenssl - 3.0.2-0ubuntu1.9\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-0466 https://ubuntu.com/security/notices/USN-6039-1 https://ubuntu.com/security/CVE-2023-0466', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.9'}, '1148585': {'id': '1148585', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-27943 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption indemangle_const, as demonstrated by nm-new.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-27943 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 https://sourceware.org/bugzilla/show_bug.cgi?id=28995 https://ubuntu.com/security/CVE-2022-27943', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libstdc++6', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2815552': {'id': '2815552', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-5278 on Ubuntu 22.04 LTS (jammy) - low', 'description': "A flaw was found in GNU Coreutils. The sort utility's begfield() functionis vulnerable to a heap buffer under-read. The program may access memoryoutside the allocated buffer if a user runs a crafted command using thetraditional key format. A malicious input could lead to a crash or leaksensitive data.", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-5278 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106733 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507 https://ubuntu.com/security/CVE-2025-5278', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'coreutils', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2084543': {'id': '2084543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-36054 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticateduser can trigger a kadmind crash. This occurs because_xdr_kadm5_principal_ent_rec does not validate the relationship betweenn_key_data and the key_data array count.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-36054` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.3\nkrb5-gss-samples - 1.19.2-2ubuntu0.3\nkrb5-k5tls - 1.19.2-2ubuntu0.3\nkrb5-kdc - 1.19.2-2ubuntu0.3\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.3\nkrb5-kpropd - 1.19.2-2ubuntu0.3\nkrb5-locales - 1.19.2-2ubuntu0.3\nkrb5-multidev - 1.19.2-2ubuntu0.3\nkrb5-otp - 1.19.2-2ubuntu0.3\nkrb5-pkinit - 1.19.2-2ubuntu0.3\nkrb5-user - 1.19.2-2ubuntu0.3\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.3\nlibgssrpc4 - 1.19.2-2ubuntu0.3\nlibk5crypto3 - 1.19.2-2ubuntu0.3\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.3\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.3\nlibkdb5-10 - 1.19.2-2ubuntu0.3\nlibkrad0 - 1.19.2-2ubuntu0.3\nlibkrb5-3 - 1.19.2-2ubuntu0.3\nlibkrb5support0 - 1.19.2-2ubuntu0.3\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-36054 https://ubuntu.com/security/notices/USN-6467-1 https://ubuntu.com/security/notices/USN-6467-2 https://ubuntu.com/security/CVE-2023-36054', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.3'}, '2609312': {'id': '2609312', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-56406 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A heap buffer overflow vulnerability was discovered in Perl.Release branches 5.34, 5.36, 5.38 and 5.40 are affected, includingdevelopment versions from 5.33.1 through 5.41.10.When there are non-ASCII bytes in the left-hand-side of the `tr` operator,`S_do_trans_invmap` can overflow the destination pointer `d`.\xa0 \xa0$ perl -e \'$_ = "\\x{FF}" x 1000000; tr/\\xFF/\\x{100}/;\'\xa0 \xa0Segmentation fault (core dumped)It is believed that this vulnerability can enable Denial of Service andpossibly Code Execution attacks on platforms that lack sufficient defenses.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-56406` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.4\nperl - 5.34.0-3ubuntu1.4\nperl-base - 5.34.0-3ubuntu1.4\nperl-debug - 5.34.0-3ubuntu1.4\nperl-modules-5.34 - 5.34.0-3ubuntu1.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-56406 https://ubuntu.com/security/notices/USN-7434-1 https://ubuntu.com/security/notices/USN-7434-2 https://ubuntu.com/security/CVE-2024-56406', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.4'}, '456116': {'id': '456116', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2017-11164 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.callows stack exhaustion (uncontrolled recursion) when processing a craftedregular expression.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2017-11164 https://ubuntu.com/security/CVE-2017-11164', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libpcre3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '983329': {'id': '983329', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-1587 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'An out-of-bounds read vulnerability was discovered in the PCRE2 library inthe get_recurse_data_length() function of the pcre2_jit_compile.c file.This issue affects recursions in JIT-compiled regular expressions caused byduplicate data transfers.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-1587` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpcre2-16-0 - 10.39-3ubuntu0.1\nlibpcre2-32-0 - 10.39-3ubuntu0.1\nlibpcre2-8-0 - 10.39-3ubuntu0.1\nlibpcre2-posix3 - 10.39-3ubuntu0.1\npcre2-utils - 10.39-3ubuntu0.1\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-1587 https://ubuntu.com/security/notices/USN-5627-1 https://ubuntu.com/security/notices/USN-5627-2 https://ubuntu.com/security/CVE-2022-1587', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libpcre2-8-0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:10.39-3ubuntu0.1'}, '2485534': {'id': '2485534', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-22365 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denialof service (blocked login process) via mkfifo because the openat call (forprotect_dir) lacks O_DIRECTORY.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-22365` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibpam-cracklib - 1.4.0-11ubuntu2.4\nlibpam-modules - 1.4.0-11ubuntu2.4\nlibpam-modules-bin - 1.4.0-11ubuntu2.4\nlibpam-runtime - 1.4.0-11ubuntu2.4\nlibpam0g - 1.4.0-11ubuntu2.4\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-22365 https://ubuntu.com/security/notices/USN-6588-1 https://ubuntu.com/security/notices/USN-6588-2 https://ubuntu.com/security/CVE-2024-22365', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libpam0g', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.4.0-11ubuntu2.4'}, '2780987': {'id': '2780987', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '527049': {'id': '527049', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2018-5709 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There isa variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store16-bit data but unknowingly the developer has assigned a "u4" variable toit, which is for 32-bit data. An attacker can use this vulnerability toaffect other artifacts of the database as we know that a Kerberos databasedump file contains trusted data.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2018-5709 https://ubuntu.com/security/CVE-2018-5709', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libk5crypto3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2054946': {'id': '2054946', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-31484 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'CPAN.pm before 2.35 does not verify TLS certificates when downloadingdistributions over HTTPS.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-31484` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibperl5.34 - 5.34.0-3ubuntu1.2\nperl - 5.34.0-3ubuntu1.2\nperl-base - 5.34.0-3ubuntu1.2\nperl-debug - 5.34.0-3ubuntu1.2\nperl-modules-5.34 - 5.34.0-3ubuntu1.2\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-31484 https://ubuntu.com/security/notices/USN-6112-1 https://ubuntu.com/security/notices/USN-6112-2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109 https://ubuntu.com/security/CVE-2023-31484', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'perl-base', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:5.34.0-3ubuntu1.2'}, '2081444': {'id': '2081444', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-3446 on Ubuntu 22.04 LTS (jammy) - low', 'description': "Issue summary: Checking excessively long DH keys or parameters may be veryslow.Impact summary: Applications that use the functions DH_check(),DH_check_ex()or EVP_PKEY_param_check() to check a DH key or DH parameters may experiencelongdelays. Where the key or parameters that are being checked have beenobtainedfrom an untrusted source this may lead to a Denial of Service.The function DH_check() performs various checks on DH parameters. One ofthosechecks confirms that the modulus ('p' parameter) is not too large. Tryingto usea very large modulus is slow and OpenSSL will not normally use a moduluswhichis over 10,000 bits in length.However the DH_check() function checks numerous aspects of the key orparametersthat have been supplied. Some of those checks use the supplied modulusvalueeven if it has already been found to be too large.An application that calls DH_check() and supplies a key or parametersobtainedfrom an untrusted source could be vulernable to a Denial of Service attack.The function DH_check() is itself called by a number of other OpenSSLfunctions.An application calling any of those other functions may similarly beaffected.The other functions affected by this are DH_check_ex() andEVP_PKEY_param_check().Also vulnerable are the OpenSSL dhparam and pkeyparam command lineapplicationswhen using the '-check' option.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-3446` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.12\nopenssl - 3.0.2-0ubuntu1.12\nNo subscription required", 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-3446 https://ubuntu.com/security/notices/USN-6435-1 https://ubuntu.com/security/notices/USN-6450-1 https://ubuntu.com/security/notices/USN-6435-2 https://ubuntu.com/security/notices/USN-6709-1 https://ubuntu.com/security/notices/USN-7018-1 https://ubuntu.com/security/CVE-2023-3446', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.12'}, '1911543': {'id': '1911543', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2023-1255 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bitARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform willreadpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after theciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2023-1255` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibssl3 - 3.0.2-0ubuntu1.10\nopenssl - 3.0.2-0ubuntu1.10\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2023-1255 https://ubuntu.com/security/notices/USN-6119-1 https://ubuntu.com/security/CVE-2023-1255', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libssl3', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:3.0.2-0ubuntu1.10'}, '1700452': {'id': '1700452', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-4899 on Ubuntu 22.04 LTS (jammy) - low', 'description': 'A vulnerability was found in zstd v1.4.10, where an attacker can supplyempty string as an argument to the command line tool to cause bufferoverrun.', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-4899 https://github.com/facebook/zstd/issues/3200 https://ubuntu.com/security/CVE-2022-4899', 'severity': '', 'normalized_severity': 'Low', 'package': {'id': '', 'name': 'libzstd1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': ''}, '2537382': {'id': '2537382', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-3596 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a localattacker who can modify any valid Response (Access-Accept, Access-Reject,or Access-Challenge) to any other response using a chosen-prefix collisionattack against MD5 Response Authenticator signature.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-3596` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nfreeradius - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-common - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-config - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-dhcp - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-iodbc - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-krb5 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-ldap - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-memcached - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-mysql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-postgresql - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-python3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-redis - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-rest - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-utils - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nfreeradius-yubikey - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nlibfreeradius3 - 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3\nNo subscription required\n\nkrb5-admin-server - 1.19.2-2ubuntu0.5\nkrb5-gss-samples - 1.19.2-2ubuntu0.5\nkrb5-k5tls - 1.19.2-2ubuntu0.5\nkrb5-kdc - 1.19.2-2ubuntu0.5\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.5\nkrb5-kpropd - 1.19.2-2ubuntu0.5\nkrb5-locales - 1.19.2-2ubuntu0.5\nkrb5-multidev - 1.19.2-2ubuntu0.5\nkrb5-otp - 1.19.2-2ubuntu0.5\nkrb5-pkinit - 1.19.2-2ubuntu0.5\nkrb5-user - 1.19.2-2ubuntu0.5\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.5\nlibgssrpc4 - 1.19.2-2ubuntu0.5\nlibk5crypto3 - 1.19.2-2ubuntu0.5\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.5\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.5\nlibkdb5-10 - 1.19.2-2ubuntu0.5\nlibkrad0 - 1.19.2-2ubuntu0.5\nlibkrb5-3 - 1.19.2-2ubuntu0.5\nlibkrb5support0 - 1.19.2-2ubuntu0.5\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-3596 https://ubuntu.com/security/notices/USN-7055-1 https://ubuntu.com/security/notices/USN-7257-1 https://ubuntu.com/security/CVE-2024-3596', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.5'}, '2496566': {'id': '2496566', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2024-26458 on Ubuntu 22.04 LTS (jammy) - negligible', 'description': 'Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in/krb5/src/lib/rpc/pmap_rmt.c.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2024-26458` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2024-26458 https://ubuntu.com/security/notices/USN-7314-1 https://ubuntu.com/security/CVE-2024-26458', 'severity': '', 'normalized_severity': 'Negligible', 'package': {'id': '', 'name': 'libgssapi-krb5-2', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '2781010': {'id': '2781010', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-3576 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'A vulnerability in the MIT Kerberos implementation allows GSSAPI-protectedmessages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5checksum design. If RC4 is preferred over stronger encryption types, anattacker could exploit MD5 collisions to forge message integrity codes.This may lead to unauthorized message tampering.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-3576` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.7\nkrb5-gss-samples - 1.19.2-2ubuntu0.7\nkrb5-k5tls - 1.19.2-2ubuntu0.7\nkrb5-kdc - 1.19.2-2ubuntu0.7\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.7\nkrb5-kpropd - 1.19.2-2ubuntu0.7\nkrb5-locales - 1.19.2-2ubuntu0.7\nkrb5-multidev - 1.19.2-2ubuntu0.7\nkrb5-otp - 1.19.2-2ubuntu0.7\nkrb5-pkinit - 1.19.2-2ubuntu0.7\nkrb5-user - 1.19.2-2ubuntu0.7\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.7\nlibgssrpc4 - 1.19.2-2ubuntu0.7\nlibk5crypto3 - 1.19.2-2ubuntu0.7\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.7\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.7\nlibkdb5-10 - 1.19.2-2ubuntu0.7\nlibkrad0 - 1.19.2-2ubuntu0.7\nlibkrb5-3 - 1.19.2-2ubuntu0.7\nlibkrb5support0 - 1.19.2-2ubuntu0.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-3576 https://ubuntu.com/security/notices/USN-7542-1 https://ubuntu.com/security/CVE-2025-3576', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.7'}, '2748170': {'id': '2748170', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2025-24528 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'In MIT krb5 release 1.7 and later with incremental propagation enabled, anauthenticated attacker can cause kadmind to write beyond the end of themapped region for the iprop log file, likely causing a process crash.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2025-24528` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nkrb5-admin-server - 1.19.2-2ubuntu0.6\nkrb5-gss-samples - 1.19.2-2ubuntu0.6\nkrb5-k5tls - 1.19.2-2ubuntu0.6\nkrb5-kdc - 1.19.2-2ubuntu0.6\nkrb5-kdc-ldap - 1.19.2-2ubuntu0.6\nkrb5-kpropd - 1.19.2-2ubuntu0.6\nkrb5-locales - 1.19.2-2ubuntu0.6\nkrb5-multidev - 1.19.2-2ubuntu0.6\nkrb5-otp - 1.19.2-2ubuntu0.6\nkrb5-pkinit - 1.19.2-2ubuntu0.6\nkrb5-user - 1.19.2-2ubuntu0.6\nlibgssapi-krb5-2 - 1.19.2-2ubuntu0.6\nlibgssrpc4 - 1.19.2-2ubuntu0.6\nlibk5crypto3 - 1.19.2-2ubuntu0.6\nlibkadm5clnt-mit12 - 1.19.2-2ubuntu0.6\nlibkadm5srv-mit12 - 1.19.2-2ubuntu0.6\nlibkdb5-10 - 1.19.2-2ubuntu0.6\nlibkrad0 - 1.19.2-2ubuntu0.6\nlibkrb5-3 - 1.19.2-2ubuntu0.6\nlibkrb5support0 - 1.19.2-2ubuntu0.6\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2025-24528 https://ubuntu.com/security/notices/USN-7314-1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://ubuntu.com/security/CVE-2025-24528', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libkrb5support0', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:1.19.2-2ubuntu0.6'}, '1523094': {'id': '1523094', 'updater': 'ubuntu/updater/jammy', 'name': 'CVE-2022-3821 on Ubuntu 22.04 LTS (jammy) - medium', 'description': 'An off-by-one Error issue was discovered in Systemd in format_timespan()function of time-util.c. An attacker could supply specific values for timeand accuracy that leads to buffer overrun in format_timespan(), leading toa Denial of Service.\n\n Update Instructions:\n\n Run `sudo pro fix CVE-2022-3821` to fix the vulnerability. The problem can be corrected\n by updating your system to the following package versions:\n\nlibnss-myhostname - 249.11-0ubuntu3.7\nlibnss-mymachines - 249.11-0ubuntu3.7\nlibnss-resolve - 249.11-0ubuntu3.7\nlibnss-systemd - 249.11-0ubuntu3.7\nlibpam-systemd - 249.11-0ubuntu3.7\nlibsystemd0 - 249.11-0ubuntu3.7\nlibudev1 - 249.11-0ubuntu3.7\nsystemd - 249.11-0ubuntu3.7\nsystemd-container - 249.11-0ubuntu3.7\nsystemd-coredump - 249.11-0ubuntu3.7\nsystemd-journal-remote - 249.11-0ubuntu3.7\nsystemd-oomd - 249.11-0ubuntu3.7\nsystemd-repart - 249.11-0ubuntu3.7\nsystemd-standalone-sysusers - 249.11-0ubuntu3.7\nsystemd-standalone-tmpfiles - 249.11-0ubuntu3.7\nsystemd-sysv - 249.11-0ubuntu3.7\nsystemd-tests - 249.11-0ubuntu3.7\nsystemd-timesyncd - 249.11-0ubuntu3.7\nudev - 249.11-0ubuntu3.7\nNo subscription required', 'issued': '0001-01-01T00:00:00Z', 'links': 'https://www.cve.org/CVERecord?id=CVE-2022-3821 https://ubuntu.com/security/notices/USN-5928-1 https://github.com/systemd/systemd/issues/23928 https://bugzilla.redhat.com/show_bug.cgi?id=2139327 https://ubuntu.com/security/CVE-2022-3821', 'severity': '', 'normalized_severity': 'Medium', 'package': {'id': '', 'name': 'libudev1', 'version': '', 'kind': 'binary'}, 'distribution': {'id': '', 'did': 'ubuntu', 'name': 'Ubuntu', 'version': '22.04 (Jammy)', 'version_code_name': 'jammy', 'version_id': '22.04', 'arch': '', 'cpe': '', 'pretty_name': 'Ubuntu 22.04'}, 'repository': {}, 'fixed_in_version': '0:249.11-0ubuntu3.7'}}, 'package_vulnerabilities': {'2054': ['2815552', '451117'], '2180': ['2499856'], '2156': ['2854564', '2836550', '2485513', '2418382', '1257883'], '2092': ['2499829'], '2064': ['2843395'], '2220': ['2837991', '2228820', '2007560', '1266677'], '2122': ['2844066', '2780428', '2780405', '2780383', '2502681', '2502649', '2428531', '2416373', '2416341', '2241402', '1899098', '1097815'], '2072': ['2764035', '1506477', '1357966'], '2242': ['1518586'], '2102': ['2665338', '1988933', '1988914'], '2192': ['2837900', '2228805', '2007548', '1266661'], '2118': ['2485497'], '2136': ['2781005', '2748164', '2542760', '2542538', '2537457', '2496794', '2496622', '2084561', '1664817', '527079'], '2182': ['980572'], '2198': ['2790713', '2259833', '1672464', '1523094'], '2216': ['2499870'], '2240': ['2499877'], '2132': ['2780987', '2748132', '2542723', '2542506', '2537412', '2496760', '2496581', '2084543', '1664783', '527049'], '1210': ['2837981', '2228814', '2007554', '1266669'], '2224': ['2783212', '2609312', '2213179', '2213138', '2055397', '2054946', '1699553', '664239'], '2190': ['2428498', '960182'], '2168': ['2114475'], '2186': ['2121872', '1148585'], '2206': ['1700452'], '2222': ['2609409', '2206794', '2005452', '439426'], '2104': ['980557'], '2138': ['2781010', '2748170', '2542767', '2542545', '2537469', '2496802', '2496629', '2084566', '1664838', '527080'], '2234': ['2790153', '2112903', '1696964'], '2096': ['2850980', '2796851', '2642013', '2530846', '2530776', '2530602', '2530292', '2507554', '2231223', '2221332', '2217400', '2217290', '448580'], '2226': ['2114483'], '2158': ['2854573', '2836745', '2485520', '2418389', '1257888'], '2164': ['1540355', '983329', '982616'], '2112': ['980564'], '2116': ['2121322', '1148428'], '2210': ['980580'], '2196': ['960172'], '2202': ['2499866'], '2166': ['456116'], '2126': ['2780976', '2748113', '2542705', '2542493', '2537382', '2496750', '2496566', '2084535', '1664774', '527035'], '2070': ['2120044', '1146399'], '2188': ['2790703', '2259827', '1672454', '1523087'], '1186': ['960164'], '2148': ['2837880', '2228793', '2007536', '1266500'], '2162': ['2854594', '2836780', '2485534', '2418401', '1257896'], '2052': ['2499906'], '2050': ['1516509'], '2066': ['980539'], '2208': ['2609399', '2206787', '2005450', '439420'], '1152': ['2854580', '2836773', '2485527', '2418394', '1257892'], '2146': ['2837871', '2228777', '2007527', '1266440'], '2184': ['2855865', '2754142', '2639770', '2618564', '2608368', '2568777', '2566448', '2555052', '2493064', '2437744', '2416393', '2254470', '2241578', '2239547', '2237102', '2095595', '2081444', '2009187', '1992780', '1911543', '1900229', '1900100', '1899957', '1899134', '1898382', '1898296', '1898249', '1898080', '1673639', '1667292', '1546763', '1537787', '1536015', '1521540', '1509825', '1367092', '993638', '993107'], '2098': ['2850988', '2796861', '2642019', '2530853', '2530781', '2530610', '2530298', '2507562', '2231231', '2221340', '2217409', '2217297', '448590'], '2144': ['2499847']}, 'enrichments': {}} gunicorn-web stdout | 2025-11-04 09:09:46,198 [246] [DEBUG] [app] Ending request: urn:request:1c9153d0-ac64-45a8-b7ff-ec3b6bfc0c8a (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security) {'endpoint': 'api.repositorymanifestsecurity', 'request_id': 'urn:request:1c9153d0-ac64-45a8-b7ff-ec3b6bfc0c8a', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security', 'parameters': {'vulnerabilities': 'true'}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:46,198 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:46 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.1" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.079 1824 0.079) gunicorn-web stdout | 2025-11-04 09:09:46,200 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:46 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f/security?vulnerabilities=true HTTP/1.0" 200 380147 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" storagereplication stdout | 2025-11-04 09:09:46,234 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:46,248 [246] [DEBUG] [app] Starting request: urn:request:7d52caba-5f04-44e7-a4df-14f663690a1f (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:46,249 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,249 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,249 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,260 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:46,261 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:46,261 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,261 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:46,261 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,261 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,261 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,261 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,262 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:46,268 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,269 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:46,275 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,279 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,282 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,286 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,290 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "tag" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t2"."lifetime_end_ms" IS %s) OR ("t2"."lifetime_end_ms" > %s))) AND ("t2"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247386289, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,295 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" INNER JOIN "manifestchild" AS "t2" ON ("t2"."child_manifest_id" = "t1"."id") INNER JOIN "tag" AS "t3" ON ("t3"."manifest_id" = "t2"."manifest_id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."digest" = %s)) AND (("t3"."lifetime_end_ms" IS %s) OR ("t3"."lifetime_end_ms" > %s))) AND ("t3"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', None, 1762247386294, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,299 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [47, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,303 [246] [DEBUG] [peewee] ('SELECT "t1"."uuid" FROM "imagestorage" AS "t1" INNER JOIN "uploadedblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,307 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."storage_id", "t1"."location_id", "t2"."id", "t2"."uuid", "t2"."image_size", "t2"."uncompressed_size", "t2"."uploading", "t2"."cas_path", "t2"."content_checksum" FROM "imagestorageplacement" AS "t1" INNER JOIN "imagestorage" AS "t2" ON ("t1"."storage_id" = "t2"."id") WHERE ("t2"."uuid" = %s)', ['c3748d9b-83f1-4f7e-a201-a59de1165e5d']) gunicorn-web stdout | 2025-11-04 09:09:46,310 [246] [DEBUG] [boto3.resources.factory] Loading s3:Object gunicorn-web stdout | 2025-11-04 09:09:46,311 [246] [DEBUG] [botocore.hooks] Event creating-resource-class.s3.Object: calling handler ._handler at 0x7eff5be89b20> gunicorn-web stdout | 2025-11-04 09:09:46,311 [246] [DEBUG] [boto3.resources.action] Calling s3:get_object with {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'} gunicorn-web stdout | 2025-11-04 09:09:46,311 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,311 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,311 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,311 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:46,311 [246] [DEBUG] [botocore.hooks] Event before-parameter-build.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.hooks] Event before-endpoint-resolution.s3: calling handler > gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.regions] Calling endpoint provider with parameters: {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'Endpoint': 'https://s3.openshift-storage.svc.cluster.local:443', 'ForcePathStyle': True, 'Accelerate': False, 'UseGlobalEndpoint': True, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True} gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.regions] Endpoint provider result: https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84 gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.regions] Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None" gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.regions] Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True} gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.hooks] Event before-call.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.endpoint] Making request for OperationModel(name=GetObject) with params: {'url_path': '/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource'}, 'body': b'', 'auth_path': '/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'url': 'https://s3.openshift-storage.svc.cluster.local:443/quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 'context': {'client_region': 'us-east-1', 'client_config': , 'has_streaming_input': False, 'auth_type': 'v4', 's3_redirect': {'redirected': False, 'bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'params': {'Bucket': 'quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84', 'Key': 'datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765'}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}}} gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.hooks] Event choose-signer.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.hooks] Event before-sign.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.auth] Calculating signature using v4 auth. gunicorn-web stdout | 2025-11-04 09:09:46,312 [246] [DEBUG] [botocore.auth] CanonicalRequest: gunicorn-web stdout | GET gunicorn-web stdout | /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 gunicorn-web stdout | host:s3.openshift-storage.svc.cluster.local gunicorn-web stdout | x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | x-amz-date:20251104T090946Z gunicorn-web stdout | host;x-amz-content-sha256;x-amz-date gunicorn-web stdout | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 gunicorn-web stdout | 2025-11-04 09:09:46,313 [246] [DEBUG] [botocore.auth] StringToSign: gunicorn-web stdout | AWS4-HMAC-SHA256 gunicorn-web stdout | 20251104T090946Z gunicorn-web stdout | 20251104/us-east-1/s3/aws4_request gunicorn-web stdout | a371e6d6db664ffca66cec3a7c466147ee1c7b2cb3e7c1d1d7a9fb44fb60d937 gunicorn-web stdout | 2025-11-04 09:09:46,313 [246] [DEBUG] [botocore.auth] Signature: gunicorn-web stdout | 5e269f38ba7d7b4bf766800a6e4864600a00820ae55187a3435d732d2db2d37e gunicorn-web stdout | 2025-11-04 09:09:46,313 [246] [DEBUG] [botocore.hooks] Event request-created.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,313 [246] [DEBUG] [botocore.endpoint] Sending http request: gunicorn-web stdout | 2025-11-04 09:09:46,313 [246] [DEBUG] [botocore.hooks] Event before-send.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:46,313 [246] [ERROR] [storage.cloud] [OTEL] request {'User-Agent': b'Boto3/1.28.61 md/Botocore#1.31.61 ua/2.0 os/linux#5.14.0-570.60.1.el9_6.x86_64 md/arch#x86_64 lang/python#3.12.9 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.31.61 Resource', 'X-Amz-Date': b'20251104T090946Z', 'X-Amz-Content-SHA256': b'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'Authorization': b'AWS4-HMAC-SHA256 Credential=e4bs1VRU5uzVgbV0vo0m/20251104/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=5e269f38ba7d7b4bf766800a6e4864600a00820ae55187a3435d732d2db2d37e', 'amz-sdk-invocation-id': b'6a72dfde-d920-46b1-a0d3-cec0a556fc92', 'amz-sdk-request': b'attempt=1', 'traceparent': '00-0-0-01', 'x-b3-traceid': '0', 'x-b3-spanid': '0', 'x-b3-parentspanid': '0', 'x-b3-sampled': '1'} gunicorn-web stdout | 2025-11-04 09:09:46,313 [246] [DEBUG] [botocore.httpsession] Certificate path: /opt/app-root/lib64/python3.12/site-packages/certifi/cacert.pem gunicorn-web stdout | 2025-11-04 09:09:46,325 [246] [DEBUG] [urllib3.connectionpool] https://s3.openshift-storage.svc.cluster.local:443 "GET /quay-datastore-9ec8c64f-634d-46cf-a28d-9c4f02006a84/datastorage/registry/sha256/af/af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765 HTTP/1.1" 200 1461 gunicorn-web stdout | 2025-11-04 09:09:46,326 [246] [DEBUG] [botocore.parsers] Response headers: {'Server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcldqi-81aclk-10oq', 'x-amz-id-2': 'mhkcldqi-81aclk-10oq', 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'Last-Modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'Content-Type': 'application/octet-stream', 'Content-Length': '1461', 'Accept-Ranges': 'bytes', 'Date': 'Tue, 04 Nov 2025 09:09:46 GMT', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=5'} gunicorn-web stdout | 2025-11-04 09:09:46,326 [246] [DEBUG] [botocore.parsers] Response body: gunicorn-web stdout | gunicorn-web stdout | 2025-11-04 09:09:46,326 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler gunicorn-web stdout | 2025-11-04 09:09:46,326 [246] [DEBUG] [botocore.retryhandler] No retry needed. gunicorn-web stdout | 2025-11-04 09:09:46,326 [246] [DEBUG] [botocore.hooks] Event needs-retry.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:46,326 [246] [DEBUG] [botocore.hooks] Event after-call.s3.GetObject: calling handler > gunicorn-web stdout | 2025-11-04 09:09:46,326 [246] [DEBUG] [boto3.resources.action] Response: {'ResponseMetadata': {'RequestId': 'mhkcldqi-81aclk-10oq', 'HostId': 'mhkcldqi-81aclk-10oq', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'NooBaa/5.19.4-3154414', 'x-amz-request-id': 'mhkcldqi-81aclk-10oq', 'x-amz-id-2': 'mhkcldqi-81aclk-10oq', 'etag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'last-modified': 'Tue, 04 Nov 2025 08:29:21 GMT', 'content-type': 'application/octet-stream', 'content-length': '1461', 'accept-ranges': 'bytes', 'date': 'Tue, 04 Nov 2025 09:09:46 GMT', 'connection': 'keep-alive', 'keep-alive': 'timeout=5'}, 'RetryAttempts': 0}, 'AcceptRanges': 'bytes', 'LastModified': datetime.datetime(2025, 11, 4, 8, 29, 21, tzinfo=tzutc()), 'ContentLength': 1461, 'ETag': '"46e2b2c7be32d49fdf1258702e9e2ee0-1"', 'ContentType': 'application/octet-stream', 'Metadata': {}, 'Body': } gunicorn-web stdout | 2025-11-04 09:09:46,328 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."image_size", "t1"."uncompressed_size", "t1"."uploading", "t1"."cas_path", "t1"."content_checksum" FROM "imagestorage" AS "t1" WHERE ("t1"."content_checksum" = %s) LIMIT %s OFFSET %s', ['sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,332 [246] [DEBUG] [peewee] ('(SELECT * FROM (SELECT "t1"."id", "t1"."content_checksum", "t1"."image_size", "t1"."uuid", "t1"."cas_path", "t1"."uncompressed_size" FROM "imagestorage" AS "t1" INNER JOIN "manifestblob" AS "t2" ON ("t2"."blob_id" = "t1"."id") WHERE (("t2"."repository_id" = %s) AND ("t1"."content_checksum" = %s)) LIMIT %s) AS "q0") UNION ALL (SELECT * FROM (SELECT "t3"."id", "t3"."content_checksum", "t3"."image_size", "t3"."uuid", "t3"."cas_path", "t3"."uncompressed_size" FROM "imagestorage" AS "t3" INNER JOIN "manifestblob" AS "t4" ON ("t4"."blob_id" = "t3"."id") WHERE (("t4"."repository_id" = %s) AND ("t3"."content_checksum" = %s)) LIMIT %s) AS "q1")', [10, 'sha256:af60f8e8d90a7d793c16c0d1da85cd72489b950fdfb8da35f8547dadbf83b765', 1, 10, 'sha256:6fa1296f44090f6150dfb96d6ae217a58b9d66c56d7a986c35657df6bd1a89f0', 1]) gunicorn-web stdout | 2025-11-04 09:09:46,336 [246] [DEBUG] [app] Ending request: urn:request:7d52caba-5f04-44e7-a4df-14f663690a1f (/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f) {'endpoint': 'api.repositorymanifest', 'request_id': 'urn:request:7d52caba-5f04-44e7-a4df-14f663690a1f', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'path': '/api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:46,337 [246] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:46 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.1" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.090 1794 0.090) gunicorn-web stdout | 2025-11-04 09:09:46,337 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:46 +0000] "GET /api/v1/repository/quayorg/repo1/manifest/sha256:cd3d86f1fb368c6a53659d467560010ab9e0695528127ea336fe32f68f7ba09f HTTP/1.0" 200 1495 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" gunicorn-web stdout | 2025-11-04 09:09:46,528 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:46,528 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:46,536 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:46,560 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:46,573 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:09:46,677 [246] [DEBUG] [app] Starting request: urn:request:6ada2f43-7901-4f76-a323-68575a687460 (/api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics) {'X-Forwarded-For': '209.132.188.14, 10.131.0.44'} gunicorn-web stdout | 2025-11-04 09:09:46,677 [246] [DEBUG] [app] User loader loading deferred user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,677 [246] [DEBUG] [auth.cookie] Loading user from cookie: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,678 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."username", "t1"."password_hash", "t1"."email", "t1"."verified", "t1"."stripe_id", "t1"."organization", "t1"."robot", "t1"."invoice_email", "t1"."invalid_login_attempts", "t1"."last_invalid_login", "t1"."removed_tag_expiration_s", "t1"."enabled", "t1"."invoice_email_address", "t1"."given_name", "t1"."family_name", "t1"."company", "t1"."location", "t1"."maximum_queued_builds_count", "t1"."creation_date", "t1"."last_accessed" FROM "user" AS "t1" WHERE (("t1"."uuid" = %s) AND ("t1"."organization" = %s)) LIMIT %s OFFSET %s', ['d98f031a-b876-4d0a-af2a-2a4bad8a6cd7', False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,690 [246] [DEBUG] [auth.decorators] Found valid auth result: (, False, None, [, None, None, None, None, None, None]) gunicorn-web stdout | 2025-11-04 09:09:46,690 [246] [DEBUG] [auth.permissions] Identity loaded: gunicorn-web stdout | 2025-11-04 09:09:46,690 [246] [DEBUG] [auth.permissions] Deferring permissions for user with uuid: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,690 [246] [DEBUG] [endpoints.api] Checking permission for repo: quayorg/repo1 gunicorn-web stdout | 2025-11-04 09:09:46,690 [246] [DEBUG] [auth.permissions] Loading user permissions after deferring for: d98f031a-b876-4d0a-af2a-2a4bad8a6cd7 gunicorn-web stdout | 2025-11-04 09:09:46,690 [246] [DEBUG] [auth.permissions] User permission: _UserTypeNeed(type='user', username='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,690 [246] [DEBUG] [auth.permissions] User namespace permission: _NamespaceWideNeed(type='organization', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,690 [246] [DEBUG] [auth.permissions] User namespace repo permission: _NamespaceWideNeed(type='organizationrepo', namespace='quay', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,691 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "user" AS "t5" ON ("t1"."user_id" = "t5"."id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t5"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:46,697 [246] [DEBUG] [auth.permissions] User added permission: _ResourceNeed(type='repository', namespace='quayorg', name='repo1', role='admin') gunicorn-web stdout | 2025-11-04 09:09:46,697 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."team_id", "t1"."user_id", "t1"."repository_id", "t1"."role_id", "t2"."id", "t2"."name", "t3"."id", "t3"."namespace_user_id", "t3"."name", "t3"."visibility_id", "t3"."description", "t3"."badge_token", "t3"."kind_id", "t3"."trust_enabled", "t3"."state", "t4"."id", "t4"."uuid", "t4"."username", "t4"."password_hash", "t4"."email", "t4"."verified", "t4"."stripe_id", "t4"."organization", "t4"."robot", "t4"."invoice_email", "t4"."invalid_login_attempts", "t4"."last_invalid_login", "t4"."removed_tag_expiration_s", "t4"."enabled", "t4"."invoice_email_address", "t4"."given_name", "t4"."family_name", "t4"."company", "t4"."location", "t4"."maximum_queued_builds_count", "t4"."creation_date", "t4"."last_accessed" FROM "repositorypermission" AS "t1" INNER JOIN "role" AS "t2" ON ("t1"."role_id" = "t2"."id") INNER JOIN "repository" AS "t3" ON ("t1"."repository_id" = "t3"."id") INNER JOIN "user" AS "t4" ON ("t3"."namespace_user_id" = "t4"."id") INNER JOIN "team" AS "t5" ON ("t1"."team_id" = "t5"."id") INNER JOIN "teammember" AS "t6" ON ("t6"."team_id" = "t5"."id") INNER JOIN "user" AS "t7" ON ("t7"."id" = "t6"."user_id") WHERE ((("t3"."name" = %s) AND ("t4"."username" = %s)) AND ("t7"."id" = %s))', ['repo1', 'quayorg', 1]) gunicorn-web stdout | 2025-11-04 09:09:46,703 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") INNER JOIN "repositorykind" AS "t3" ON ("t1"."kind_id" = "t3"."id") WHERE (((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) AND ("t3"."name" = %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 'application', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,707 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state", "t2"."id", "t2"."uuid", "t2"."username", "t2"."password_hash", "t2"."email", "t2"."verified", "t2"."stripe_id", "t2"."organization", "t2"."robot", "t2"."invoice_email", "t2"."invalid_login_attempts", "t2"."last_invalid_login", "t2"."removed_tag_expiration_s", "t2"."enabled", "t2"."invoice_email_address", "t2"."given_name", "t2"."family_name", "t2"."company", "t2"."location", "t2"."maximum_queued_builds_count", "t2"."creation_date", "t2"."last_accessed" FROM "repository" AS "t1" INNER JOIN "user" AS "t2" ON ("t1"."namespace_user_id" = "t2"."id") WHERE ((("t2"."username" = %s) AND ("t1"."name" = %s)) AND ("t1"."state" != %s)) LIMIT %s OFFSET %s', ['quayorg', 'repo1', 3, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,711 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "visibility" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [2, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,714 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "repositorykind" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [1, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,717 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name", "t1"."repository_id", "t1"."manifest_id", "t1"."lifetime_start_ms", "t1"."lifetime_end_ms", "t1"."immutable", "t1"."hidden", "t1"."reversion", "t1"."tag_kind_id", "t1"."linked_tag_id", "t2"."id", "t2"."repository_id", "t2"."digest", "t2"."media_type_id", "t2"."manifest_bytes", "t2"."config_media_type", "t2"."layers_compressed_size", "t2"."subject", "t2"."subject_backfilled", "t2"."artifact_type", "t2"."artifact_type_backfilled" FROM "tag" AS "t1" INNER JOIN "manifest" AS "t2" ON ("t1"."manifest_id" = "t2"."id") WHERE (((("t1"."repository_id" = %s) AND ("t1"."name" = %s)) AND (("t1"."lifetime_end_ms" IS %s) OR ("t1"."lifetime_end_ms" > %s))) AND ("t1"."hidden" = %s)) LIMIT %s OFFSET %s', [10, 'ubuntu', None, 1762247386717, False, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,722 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."tag_name", "t1"."tag_pull_count", "t1"."last_tag_pull_date", "t1"."current_manifest_digest" FROM "tagpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."tag_name" = %s)) LIMIT %s OFFSET %s', [10, 'ubuntu', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,725 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [10, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,728 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."manifest_digest", "t1"."manifest_pull_count", "t1"."last_manifest_pull_date" FROM "manifestpullstatistics" AS "t1" WHERE (("t1"."repository_id" = %s) AND ("t1"."manifest_digest" = %s)) LIMIT %s OFFSET %s', [10, 'sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac', 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,732 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_user_id", "t1"."name", "t1"."visibility_id", "t1"."description", "t1"."badge_token", "t1"."kind_id", "t1"."trust_enabled", "t1"."state" FROM "repository" AS "t1" WHERE ("t1"."id" = %s) LIMIT %s OFFSET %s', [10, 1, 0]) gunicorn-web stdout | 2025-11-04 09:09:46,735 [246] [DEBUG] [app] Ending request: urn:request:6ada2f43-7901-4f76-a323-68575a687460 (/api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics) {'endpoint': 'api.repositorytagpullstatistics', 'request_id': 'urn:request:6ada2f43-7901-4f76-a323-68575a687460', 'remote_addr': '10.131.0.44', 'http_method': 'GET', 'original_url': 'https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics', 'path': '/api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0'} gunicorn-web stdout | 2025-11-04 09:09:46,735 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:46,736 [246] [INFO] [gunicorn.access] 10.131.0.44 - - [04/Nov/2025:09:09:46 +0000] "GET /api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics HTTP/1.0" 200 291 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" nginx stdout | 10.131.0.44 (-) - - [04/Nov/2025:09:09:46 +0000] "GET /api/v1/repository/quayorg/repo1/tag/ubuntu/pull_statistics HTTP/1.1" 200 291 "https://quayregistry-quay-quay-enterprise-15509.apps.quaytest-15509.qe.devcluster.openshift.com/repository/quayorg/repo1?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0" (0.060 1740 0.061) exportactionlogsworker stdout | 2025-11-04 09:09:48,832 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:09:49,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:09:49,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:09:59.156372+00:00 (in 9.999537 seconds) notificationworker stdout | 2025-11-04 09:09:49,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:59 GMT)" (scheduled at 2025-11-04 09:09:49.156372+00:00) notificationworker stdout | 2025-11-04 09:09:49,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:09:49,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 49, 157359), True, datetime.datetime(2025, 11, 4, 9, 9, 49, 157359), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:09:49,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:09:49,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:09:49,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:09:59 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:09:49,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:09:49,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:19.635986+00:00 (in 29.999537 seconds) buildlogsarchiver stdout | 2025-11-04 09:09:49,636 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:19 GMT)" (scheduled at 2025-11-04 09:09:49.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:09:49,637 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 9, 49, 637018), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:09:49,649 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:09:49,649 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:09:49,649 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:19 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:09:51,046 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:09:51,065 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:09:51,065 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:27.063966+00:00 (in 35.998143 seconds) repositorygcworker stdout | 2025-11-04 09:09:51,065 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:51 GMT)" (scheduled at 2025-11-04 09:09:51.065407+00:00) repositorygcworker stdout | 2025-11-04 09:09:51,066 [86] [DEBUG] [workers.queueworker] Running watchdog. repositorygcworker stdout | 2025-11-04 09:09:51,066 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:10:51 GMT)" executed successfully securityworker stdout | 2025-11-04 09:09:51,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:09:51,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:07.252445+00:00 (in 15.997280 seconds) securityworker stdout | 2025-11-04 09:09:51,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:21 GMT)" (scheduled at 2025-11-04 09:09:51.254713+00:00) securityworker stdout | 2025-11-04 09:09:51,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:09:51,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:09:51,258 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:09:51,260 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:51,271 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:51,271 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:51,271 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:51,271 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:09:51,272 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:51,276 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:51,276 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:09:51,276 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:09:51,276 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:09:51,276 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:51,276 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:09:51,277 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:51,277 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:09:51,277 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:51,277 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:51,277 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:09:51,277 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 4, 51, 260230), 1, 49]) securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:09:51,281 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:09:51,282 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 4, 51, 260230), 1, 49]) securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:51,285 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:09:51,285 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:09:51,285 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:09:51,285 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:09:51,285 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:09:51,285 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:09:51,285 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:51,285 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:09:51 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:09:51,286 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:21 GMT)" executed successfully servicekey stdout | 2025-11-04 09:09:51,742 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:09:51,944 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:09:52,040 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:09:52,443 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: teamsyncworker stdout | 2025-11-04 09:09:54,129 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:09:54,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:09:54,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:04.140529+00:00 (in 9.999545 seconds) proxycacheblobworker stdout | 2025-11-04 09:09:54,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:04 GMT)" (scheduled at 2025-11-04 09:09:54.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:09:54,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:09:54,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 54, 141317), True, datetime.datetime(2025, 11, 4, 9, 9, 54, 141317), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:09:54,153 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:09:54,153 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:09:54,153 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:04 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:09:54,516 [246] [DEBUG] [app] Starting request: urn:request:6c528e2f-07a4-43b4-86bb-f41d7d39e19d (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:09:54,518 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:09:54,519 [257] [DEBUG] [app] Starting request: urn:request:429161de-5eb2-4377-95f9-cc200d784b4d (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:09:54,520 [257] [DEBUG] [app] Ending request: urn:request:429161de-5eb2-4377-95f9-cc200d784b4d (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:429161de-5eb2-4377-95f9-cc200d784b4d', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:09:54,520 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:09:54,520 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:54,522 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:09:54,523 [246] [DEBUG] [app] Starting request: urn:request:ca0d4837-37c2-448f-a959-b4eb0a255cee (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:09:54,523 [246] [DEBUG] [app] Ending request: urn:request:ca0d4837-37c2-448f-a959-b4eb0a255cee (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:ca0d4837-37c2-448f-a959-b4eb0a255cee', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:09:54,523 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:09:54,524 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:54,524 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:09:54,524 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:09:54,524 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:09:54,532 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:09:54,532 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:09:54,542 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:09:54,545 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:09:54,548 [246] [DEBUG] [app] Ending request: urn:request:6c528e2f-07a4-43b4-86bb-f41d7d39e19d (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:6c528e2f-07a4-43b4-86bb-f41d7d39e19d', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:09:54,548 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:54,549 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:09:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:09:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.033 118 0.033) gunicorn-web stdout | 2025-11-04 09:09:54,587 [246] [DEBUG] [app] Starting request: urn:request:fd94d421-1d8c-4477-af19-570abd86dc9e (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:09:54,589 [264] [DEBUG] [app] Starting request: urn:request:b846b801-6c5c-4f99-807c-d2933bdced2c (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:09:54,589 [264] [DEBUG] [app] Ending request: urn:request:b846b801-6c5c-4f99-807c-d2933bdced2c (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:b846b801-6c5c-4f99-807c-d2933bdced2c', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-registry stdout | 2025-11-04 09:09:54,590 [264] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:54 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:09:54,590 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:54,591 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:09:54,592 [249] [DEBUG] [app] Starting request: urn:request:5beadda3-b656-499b-a32c-e51189e9f962 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:09:54,592 [249] [DEBUG] [app] Ending request: urn:request:5beadda3-b656-499b-a32c-e51189e9f962 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:5beadda3-b656-499b-a32c-e51189e9f962', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:09:54,593 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:09:54 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:09:54,593 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:09:54,593 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:09:54,593 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:09:54 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:09:54,593 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:09:54,600 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:09:54,600 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:09:54,610 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:09:54,613 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:09:54,616 [246] [DEBUG] [app] Ending request: urn:request:fd94d421-1d8c-4477-af19-570abd86dc9e (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:fd94d421-1d8c-4477-af19-570abd86dc9e', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:09:54,616 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:09:54,616 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:09:54 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:09:54 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.030 118 0.030) globalpromstats stdout | 2025-11-04 09:09:55,721 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:09:55,950 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:09:55,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:09:55,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:04.952363+00:00 (in 8.995109 seconds) gcworker stdout | 2025-11-04 09:09:55,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:25 GMT)" (scheduled at 2025-11-04 09:09:55.956600+00:00) gcworker stdout | 2025-11-04 09:09:55,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) gcworker stdout | 2025-11-04 09:09:55,969 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762247095968, None, 1, 0]) gcworker stdout | 2025-11-04 09:09:55,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:09:55,973 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:25 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:09:56,243 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:09:56,946 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: queuecleanupworker stdout | 2025-11-04 09:09:57,439 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:09:57,635 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: blobuploadcleanupworker stdout | 2025-11-04 09:09:57,843 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:09:58,135 [85] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositoryactioncounter stdout | 2025-11-04 09:09:58,135 [85] [INFO] [apscheduler.executors.default] Running job "RepositoryActionCountWorker._run_counting (trigger: interval[4:00:00], next run at: 2025-11-04 09:09:58 GMT)" (scheduled at 2025-11-04 09:09:58.135163+00:00) repositoryactioncounter stdout | 2025-11-04 09:09:58,136 [85] [DEBUG] [peewee] ('SELECT Min("t1"."id") FROM "repository" AS "t1"', []) repositoryactioncounter stdout | 2025-11-04 09:09:58,136 [85] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 13:09:58.135163+00:00 (in 14399.998457 seconds) repositoryactioncounter stdout | 2025-11-04 09:09:58,148 [85] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "repository" AS "t1"', []) repositoryactioncounter stdout | 2025-11-04 09:09:58,151 [85] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT 1 FROM "repository" AS "t1") AS "_wrapped"', []) repositoryactioncounter stdout | 2025-11-04 09:09:58,154 [85] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT 1 FROM "repositoryactioncount" AS "t1" WHERE ("t1"."date" = %s)) AS "_wrapped"', [datetime.date(2025, 11, 3)]) repositoryactioncounter stdout | 2025-11-04 09:09:58,157 [85] [DEBUG] [__main__] All RAC entries found; nothing more to do repositoryactioncounter stdout | 2025-11-04 09:09:58,158 [85] [DEBUG] [data.database] Disconnecting from database. repositoryactioncounter stdout | 2025-11-04 09:09:58,158 [85] [INFO] [apscheduler.executors.default] Job "RepositoryActionCountWorker._run_counting (trigger: interval[4:00:00], next run at: 2025-11-04 13:09:58 GMT)" executed successfully expiredappspecifictokenworker stdout | 2025-11-04 09:09:58,535 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:09:59,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:09:59,157 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:05.157605+00:00 (in 6.000616 seconds) notificationworker stdout | 2025-11-04 09:09:59,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:09 GMT)" (scheduled at 2025-11-04 09:09:59.156372+00:00) notificationworker stdout | 2025-11-04 09:09:59,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:09:59,158 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 9, 59, 157428), True, datetime.datetime(2025, 11, 4, 9, 9, 59, 157428), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:09:59,173 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:09:59,173 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:09:59,173 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:09 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:09:59,435 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:09:59,644 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:10:00,651 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:10:00,742 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:10:01,517 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:10:01,522 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:10:01,527 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:03,799 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:03,801 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:03,897 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:03,903 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:03,909 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:03,918 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:03,925 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:03,928 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:03,939 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:10:04,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:10:04,140 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:14.140529+00:00 (in 9.999550 seconds) proxycacheblobworker stdout | 2025-11-04 09:10:04,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:14 GMT)" (scheduled at 2025-11-04 09:10:04.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:10:04,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:10:04,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 4, 141320), True, datetime.datetime(2025, 11, 4, 9, 10, 4, 141320), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:10:04,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:10:04,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:10:04,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:14 GMT)" executed successfully gcworker stdout | 2025-11-04 09:10:04,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:10:04,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:25.956600+00:00 (in 21.003746 seconds) gcworker stdout | 2025-11-04 09:10:04,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:34 GMT)" (scheduled at 2025-11-04 09:10:04.952363+00:00) gcworker stdout | 2025-11-04 09:10:04,954 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037804953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:10:04,969 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:10:04,969 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:10:04,969 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:34 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:10:05,157 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:10:05,158 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:09.156372+00:00 (in 3.998174 seconds) notificationworker stdout | 2025-11-04 09:10:05,158 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:15:05 GMT)" (scheduled at 2025-11-04 09:10:05.157605+00:00) notificationworker stdout | 2025-11-04 09:10:05,158 [78] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [False, datetime.datetime(2025, 11, 4, 9, 10, 5, 158568), 'notification/%']) notificationworker stdout | 2025-11-04 09:10:05,171 [78] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 10, 5, 158568), True, datetime.datetime(2025, 11, 4, 9, 10, 5, 158568), 0, 'notification/%']) notificationworker stdout | 2025-11-04 09:10:05,175 [78] [DEBUG] [peewee] ('SELECT COUNT(1) FROM (SELECT DISTINCT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) AND NOT ("t1"."queue_name" IN (SELECT "t1"."queue_name" FROM "queueitem" AS "t1" WHERE ((("t1"."available" = %s) AND ("t1"."processing_expires" > %s)) AND ("t1"."queue_name" ILIKE %s)))))) AS "_wrapped"', [datetime.datetime(2025, 11, 4, 9, 10, 5, 158568), True, datetime.datetime(2025, 11, 4, 9, 10, 5, 158568), 0, 'notification/%', False, datetime.datetime(2025, 11, 4, 9, 10, 5, 158568), 'notification/%']) notificationworker stdout | 2025-11-04 09:10:05,178 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:10:05,178 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.update_queue_metrics (trigger: interval[0:05:00], next run at: 2025-11-04 09:15:05 GMT)" executed successfully quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:10:07,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:10:07,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:21.254713+00:00 (in 14.001755 seconds) securityworker stdout | 2025-11-04 09:10:07,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:37 GMT)" (scheduled at 2025-11-04 09:10:07.252445+00:00) securityworker stdout | 2025-11-04 09:10:07,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:10:07,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:10:07,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:10:07,257 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:10:07,269 [93] [DEBUG] [peewee] ('SELECT Min("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,272 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,272 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:10:07,272 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:10:07,272 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:10:07,273 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 21, 31]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 21-31 by worker securityworker stdout | 2025-11-04 09:10:07,277 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 21-31 by worker securityworker stdout | 2025-11-04 09:10:07,277 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 21-31 securityworker stdout | 2025-11-04 09:10:07,277 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 21-31 securityworker stdout | 2025-11-04 09:10:07,277 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:10:07,277 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,277 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,277 [93] [DEBUG] [util.migrate.allocator] Right range 21-31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 21-31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 21-31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Right range 21-31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-21 securityworker stdout | 2025-11-04 09:10:07,278 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-21 securityworker stdout | 2025-11-04 09:10:07,278 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 11 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 11 securityworker stdout | 2025-11-04 09:10:07,279 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 8, 18]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 8-18 by worker securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 8-18 by worker securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 8-18 securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-18 securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] Left range 8-18 securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] Right range 21-31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Right range 21-31 securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 18-21 securityworker stdout | 2025-11-04 09:10:07,282 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 18-21 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stdout | 2025-11-04 09:10:07,284 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 18, 28]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stdout | 2025-11-04 09:10:07,287 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stdout | 2025-11-04 09:10:07,287 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stdout | 2025-11-04 09:10:07,287 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-18 securityworker stdout | 2025-11-04 09:10:07,287 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-18 securityworker stdout | 2025-11-04 09:10:07,287 [93] [DEBUG] [util.migrate.allocator] Merging with block 21-31 securityworker stdout | 2025-11-04 09:10:07,287 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,288 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-31 securityworker stdout | 2025-11-04 09:10:07,288 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 21-31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:10:07,288 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,288 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,288 [93] [DEBUG] [util.migrate.allocator] Right range 8-31 securityworker stdout | 2025-11-04 09:10:07,288 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-8 securityworker stdout | 2025-11-04 09:10:07,288 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Right range 8-31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-8 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:10:07,289 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 11]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] Merging with block 8-31 securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 31 securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] Total range: 31-49 securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 8-31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 31 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 31-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 31-49 securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 31-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:10:07,292 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:10:07,294 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 36, 46]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stdout | 2025-11-04 09:10:07,297 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stdout | 2025-11-04 09:10:07,297 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stdout | 2025-11-04 09:10:07,297 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 36-46 securityworker stdout | 2025-11-04 09:10:07,297 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:10:07,297 [93] [DEBUG] [util.migrate.allocator] Total range: 31-49 securityworker stdout | 2025-11-04 09:10:07,297 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,297 [93] [DEBUG] [util.migrate.allocator] Right range 36-46 securityworker stdout | 2025-11-04 09:10:07,297 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 31-36 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 36-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 31-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Right range 36-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 31-36 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 31 securityworker stdout | 2025-11-04 09:10:07,297 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 31 securityworker stdout | 2025-11-04 09:10:07,298 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 31, 41]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stdout | 2025-11-04 09:10:07,301 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 31-41 by worker securityworker stdout | 2025-11-04 09:10:07,301 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stdout | 2025-11-04 09:10:07,302 [93] [DEBUG] [util.migrate.allocator] Merging with block 36-46 securityworker stdout | 2025-11-04 09:10:07,302 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 46 securityworker stdout | 2025-11-04 09:10:07,302 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,302 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:07,302 [93] [DEBUG] [util.migrate.allocator] Total range: 46-49 securityworker stdout | 2025-11-04 09:10:07,302 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:10:07,302 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 46-49 securityworker stdout | 2025-11-04 09:10:07,302 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 31-41 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 36-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 46-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 46-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 46 securityworker stdout | 2025-11-04 09:10:07,303 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 46, 49]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 46-49 by worker securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 46-49 by worker securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 46-49 securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 46 securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] Total range: 49-46 securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 46-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 49-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:10:07,306 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:10:07,307 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 28, 38]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 28-38 by worker securityworker stdout | 2025-11-04 09:10:07,311 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 28-38 by worker securityworker stdout | 2025-11-04 09:10:07,311 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 28-38 securityworker stdout | 2025-11-04 09:10:07,311 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 28-38 securityworker stdout | 2025-11-04 09:10:07,311 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:10:07,311 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,311 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,311 [93] [DEBUG] [util.migrate.allocator] Left range 28-38 securityworker stdout | 2025-11-04 09:10:07,311 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 38-49 securityworker stdout | 2025-11-04 09:10:07,311 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 28-38 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 28-38 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 28-38 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 38-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:10:07,312 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 38, 48]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 38-48 by worker securityworker stdout | 2025-11-04 09:10:07,315 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 38-48 by worker securityworker stdout | 2025-11-04 09:10:07,315 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 38-48 securityworker stdout | 2025-11-04 09:10:07,315 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 28-38 securityworker stdout | 2025-11-04 09:10:07,315 [93] [DEBUG] [util.migrate.allocator] Already merged with block 28-38 securityworker stdout | 2025-11-04 09:10:07,315 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,315 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 28-48 securityworker stdout | 2025-11-04 09:10:07,315 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:10:07,315 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 38-48 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 28-38 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 28-38 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 28-48 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,315 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,316 [93] [DEBUG] [util.migrate.allocator] Left range 28-48 securityworker stdout | 2025-11-04 09:10:07,316 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 48-49 securityworker stdout | 2025-11-04 09:10:07,316 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 48 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 28-48 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 48-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 48 securityworker stdout | 2025-11-04 09:10:07,316 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 48, 49]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 48-49 by worker securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 48-49 by worker securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 48-49 securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 28-48 securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Already merged with block 28-48 securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 28 securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Total range: 1-28 securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 48-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 28-48 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 28-48 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 28 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-28 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-28 securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-28 securityworker stdout | 2025-11-04 09:10:07,319 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stdout | 2025-11-04 09:10:07,320 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 2, 12]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:10:07,323 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 2-12 by worker securityworker stdout | 2025-11-04 09:10:07,323 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stdout | 2025-11-04 09:10:07,323 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stdout | 2025-11-04 09:10:07,323 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:10:07,323 [93] [DEBUG] [util.migrate.allocator] Total range: 1-28 securityworker stdout | 2025-11-04 09:10:07,323 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,324 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 2-12 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-12 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-28 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stdout | 2025-11-04 09:10:07,324 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-28 securityworker stdout | 2025-11-04 09:10:07,324 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-28 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stdout | 2025-11-04 09:10:07,324 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 13, 23]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 13-23 by worker securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 13-23 by worker securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 13-23 securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 13-23 securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] Total range: 1-28 securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] Right range 13-23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 13-23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 13-23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-28 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 3 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-12 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Right range 13-23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-13 securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 12-13 securityworker stdout | 2025-11-04 09:10:07,328 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 12 securityworker stdout | 2025-11-04 09:10:07,329 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 12, 22]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 12-22 by worker securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Merging with block 13-23 securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-23 securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 12-22 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-12 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-12 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 13-23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 2-23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-28 securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Total range: 1-28 securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Left range 2-23 securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 23-28 securityworker stdout | 2025-11-04 09:10:07,332 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 2-23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 23-28 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 23 securityworker stdout | 2025-11-04 09:10:07,333 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 23, 33]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 23-33 by worker securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 23-33 by worker securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 23-33 securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-23 securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-23 securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 2 securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Total range: 1-2 securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 23-33 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 2-23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 2-23 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 2 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-2 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-2 securityworker stdout | 2025-11-04 09:10:07,336 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:10:07,337 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 1, 11]) securityworker stdout | 2025-11-04 09:10:07,340 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:10:07,340 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:10:07,340 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:10:07,340 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:10:07,340 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:07,340 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stdout | 2025-11-04 09:10:07,340 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:10:07,340 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,340 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:10:07,341 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:10:07,341 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:10:07,341 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 25, 35]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 25-35 by worker securityworker stdout | 2025-11-04 09:10:07,344 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 25-35 by worker securityworker stdout | 2025-11-04 09:10:07,344 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 25-35 securityworker stdout | 2025-11-04 09:10:07,344 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 25-35 securityworker stdout | 2025-11-04 09:10:07,345 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:10:07,345 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,345 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,345 [93] [DEBUG] [util.migrate.allocator] Right range 25-35 securityworker stdout | 2025-11-04 09:10:07,345 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-25 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 25-35 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 25-35 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 2 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Right range 25-35 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-25 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 15 securityworker stdout | 2025-11-04 09:10:07,345 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 15 securityworker stdout | 2025-11-04 09:10:07,345 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 8, 18]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 8-18 by worker securityworker stdout | 2025-11-04 09:10:07,348 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 8-18 by worker securityworker stdout | 2025-11-04 09:10:07,348 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 8-18 securityworker stdout | 2025-11-04 09:10:07,348 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-18 securityworker stdout | 2025-11-04 09:10:07,348 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:10:07,348 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,348 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:10:07,348 [93] [DEBUG] [util.migrate.allocator] Left range 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Right range 25-35 securityworker stdout | 2025-11-04 09:10:07,348 [93] [DEBUG] [util.migrate.allocator] Right range 25-35 securityworker stdout | 2025-11-04 09:10:07,348 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 18-25 securityworker stdout | 2025-11-04 09:10:07,349 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 18-25 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 18 securityworker stdout | 2025-11-04 09:10:07,349 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 18, 28]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 18-28 by worker securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-18 securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-18 securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Merging with block 25-35 securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-35 securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 18-28 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-18 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 25-35 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-35 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Left range 8-35 securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 35-49 securityworker stdout | 2025-11-04 09:10:07,354 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 8-35 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 35-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 39 securityworker stdout | 2025-11-04 09:10:07,355 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 36, 46]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stdout | 2025-11-04 09:10:07,358 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 36-46 by worker securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 36-46 securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [util.migrate.allocator] Left range 8-35 securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [util.migrate.allocator] Right range 36-46 securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 35-36 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 36-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 36-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 2 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 2 with 3 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 8-35 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Right range 36-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 35-36 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 35 securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 35 securityworker stdout | 2025-11-04 09:10:07,359 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 35, 45]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:10:07,362 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 35-45 by worker securityworker stdout | 2025-11-04 09:10:07,362 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-35 securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-35 securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Merging with block 36-46 securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-46 securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 35-45 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-35 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-35 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with block 36-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 2 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Writing new block with range: 8-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Selected random hole 1 with 2 total holes securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Left range 8-46 securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 46-49 securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Left range 8-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 46-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 46 securityworker stdout | 2025-11-04 09:10:07,363 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 46, 49]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 46-49 by worker securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 46-49 by worker securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 46-49 securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-46 securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-46 securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 8 securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Total range: 1-8 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 46-49 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Merging with the prev range: 8-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Already merged with block 8-46 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 8 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding 1 obsolete blocks securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 1-8 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-8 securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-8 securityworker stdout | 2025-11-04 09:10:07,367 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:10:07,368 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 5, 7, 257324), 1, 11]) securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:10:07,371 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-11 by worker securityworker stdout | 2025-11-04 09:10:07,371 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stdout | 2025-11-04 09:10:07,371 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:10:07,371 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stdout | 2025-11-04 09:10:07,371 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:07,371 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stdout | 2025-11-04 09:10:07,371 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:10:07,371 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-11 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 11 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] Total range: 11-1 securityworker stderr | 2025-11-04 09:10:07 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:10:07,371 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:37 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:10:07,444 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:10:07,445 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:37.446883+00:00 (in 30.001718 seconds) namespacegcworker stdout | 2025-11-04 09:10:07,445 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:07 GMT)" (scheduled at 2025-11-04 09:10:07.444700+00:00) namespacegcworker stdout | 2025-11-04 09:10:07,445 [76] [DEBUG] [workers.queueworker] Getting work item from queue. namespacegcworker stdout | 2025-11-04 09:10:07,446 [76] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 7, 445520), True, datetime.datetime(2025, 11, 4, 9, 10, 7, 445520), 0, 'namespacegc/%', 50, 1, 0]) namespacegcworker stdout | 2025-11-04 09:10:07,458 [76] [DEBUG] [workers.queueworker] No more work. namespacegcworker stdout | 2025-11-04 09:10:07,458 [76] [DEBUG] [data.database] Disconnecting from database. namespacegcworker stdout | 2025-11-04 09:10:07,458 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:07 GMT)" executed successfully securityworker stdout | 2025-11-04 09:10:07,742 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:10:07,934 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:10:09,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:10:09,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:19.156372+00:00 (in 9.999483 seconds) notificationworker stdout | 2025-11-04 09:10:09,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:19 GMT)" (scheduled at 2025-11-04 09:10:09.156372+00:00) notificationworker stdout | 2025-11-04 09:10:09,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:10:09,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 9, 157292), True, datetime.datetime(2025, 11, 4, 9, 10, 9, 157292), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:10:09,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:10:09,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:10:09,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:19 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:10:09,517 [247] [DEBUG] [app] Starting request: urn:request:bafd0ee1-26dc-4344-8476-e7fe4bd67a9e (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:10:09,518 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:10:09,520 [257] [DEBUG] [app] Starting request: urn:request:f720adcd-93ed-4c1f-8b14-27d02fe59b7f (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:10:09,520 [257] [DEBUG] [app] Ending request: urn:request:f720adcd-93ed-4c1f-8b14-27d02fe59b7f (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:f720adcd-93ed-4c1f-8b14-27d02fe59b7f', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:10:09,521 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:10:09,521 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:10:09,523 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:10:09,524 [248] [DEBUG] [app] Starting request: urn:request:ee1a8dec-0dcd-4d18-ac11-0c87b41c9b8d (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:10:09,525 [248] [DEBUG] [app] Ending request: urn:request:ee1a8dec-0dcd-4d18-ac11-0c87b41c9b8d (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:ee1a8dec-0dcd-4d18-ac11-0c87b41c9b8d', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:10:09,525 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:10:09,525 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:10:09,526 [247] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:10:09,526 [247] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:10:09,526 [247] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:10:09,534 [247] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:10:09,534 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:10:09,543 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:10:09,546 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:10:09,549 [247] [DEBUG] [app] Ending request: urn:request:bafd0ee1-26dc-4344-8476-e7fe4bd67a9e (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:bafd0ee1-26dc-4344-8476-e7fe4bd67a9e', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:10:09,549 [247] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:10:09,550 [247] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:10:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:10:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.033 118 0.033) gunicorn-web stdout | 2025-11-04 09:10:09,588 [247] [DEBUG] [app] Starting request: urn:request:401c57f4-174e-442b-b75e-4c9a76332323 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:10:09,589 [257] [DEBUG] [app] Starting request: urn:request:639f6253-1dfe-4099-8b98-5fbf2455321f (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:10:09,590 [257] [DEBUG] [app] Ending request: urn:request:639f6253-1dfe-4099-8b98-5fbf2455321f (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:639f6253-1dfe-4099-8b98-5fbf2455321f', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:10:09,590 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:10:09,590 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:09 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 162 0.001) gunicorn-web stdout | 2025-11-04 09:10:09,591 [247] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:10:09,593 [246] [DEBUG] [app] Starting request: urn:request:51d9c36a-6c64-4c52-9924-c15262a716ad (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:10:09,594 [246] [DEBUG] [app] Ending request: urn:request:51d9c36a-6c64-4c52-9924-c15262a716ad (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:51d9c36a-6c64-4c52-9924-c15262a716ad', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:10:09,594 [246] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:09 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:10:09,594 [247] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:09 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:10:09,595 [247] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:10:09,595 [247] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:10:09,595 [247] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:10:09,603 [247] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:10:09,603 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:10:09,612 [247] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:10:09,616 [247] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:10:09,619 [247] [DEBUG] [app] Ending request: urn:request:401c57f4-174e-442b-b75e-4c9a76332323 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:401c57f4-174e-442b-b75e-4c9a76332323', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:10:09,619 [247] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:10:09 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) gunicorn-web stdout | 2025-11-04 09:10:09,619 [247] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:10:09 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" securityscanningnotificationworker stdout | 2025-11-04 09:10:10,744 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:10:10,744 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:27.745810+00:00 (in 17.001167 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:10:10,744 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:10 GMT)" (scheduled at 2025-11-04 09:10:10.743793+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:10:10,744 [87] [DEBUG] [workers.queueworker] Getting work item from queue. securityscanningnotificationworker stdout | 2025-11-04 09:10:10,745 [87] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 10, 744987), True, datetime.datetime(2025, 11, 4, 9, 10, 10, 744987), 0, 'secscanv4/%', 50, 1, 0]) securityscanningnotificationworker stdout | 2025-11-04 09:10:10,757 [87] [DEBUG] [workers.queueworker] No more work. securityscanningnotificationworker stdout | 2025-11-04 09:10:10,757 [87] [DEBUG] [data.database] Disconnecting from database. securityscanningnotificationworker stdout | 2025-11-04 09:10:10,757 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:10 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:10:11,070 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:10:12,261 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:10:12,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:10:12,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:42.952336+00:00 (in 29.999483 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:10:12,953 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:42 GMT)" (scheduled at 2025-11-04 09:10:12.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:10:12,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:10:12,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:10:12,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:42 GMT)" executed successfully gcworker stdout | 2025-11-04 09:10:13,582 [67] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'gcworker.py', 'pid': '67'} gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gcworker stdout | self._send_request(method, url, body, headers, encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gcworker stdout | self.send(msg) gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gcworker stdout | self.connect() gcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gcworker stdout | self.sock = self._create_connection( gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection gcworker stdout | raise exceptions[0] gcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection gcworker stdout | sock.connect(sa) gcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused gcworker stdout | During handling of the above exception, another exception occurred: gcworker stdout | Traceback (most recent call last): gcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gcworker stdout | push_to_gateway( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gcworker stdout | handler( gcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gcworker stdout | response = self._open(req, data) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gcworker stdout | result = func(*args) gcworker stdout | ^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gcworker stdout | return self.do_open(http.client.HTTPConnection, req) gcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gcworker stdout | raise URLError(err) gcworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:10:14,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:10:14,140 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:24.140529+00:00 (in 9.999548 seconds) proxycacheblobworker stdout | 2025-11-04 09:10:14,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:24 GMT)" (scheduled at 2025-11-04 09:10:14.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:10:14,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:10:14,141 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 14, 141341), True, datetime.datetime(2025, 11, 4, 9, 10, 14, 141341), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:10:14,154 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:10:14,154 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:10:14,154 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:24 GMT)" executed successfully autopruneworker stdout | 2025-11-04 09:10:16,130 [59] [DEBUG] [apscheduler.scheduler] Looking for jobs to run autopruneworker stdout | 2025-11-04 09:10:16,130 [59] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:46.130127+00:00 (in 29.999264 seconds) autopruneworker stdout | 2025-11-04 09:10:16,131 [59] [INFO] [apscheduler.executors.default] Running job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:46 GMT)" (scheduled at 2025-11-04 09:10:16.130127+00:00) autopruneworker stdout | 2025-11-04 09:10:16,138 [59] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."namespace_id", "t1"."last_ran_ms", "t1"."status" FROM "autoprunetaskstatus" AS "t1" WHERE (("t1"."namespace_id" NOT IN (SELECT "t2"."id" FROM "user" AS "t2" WHERE (("t2"."enabled" = %s) AND ("t2"."id" = "t1"."namespace_id")))) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [False, 1762243816137, None, 1, 0]) autopruneworker stdout | 2025-11-04 09:10:16,143 [59] [INFO] [__main__] no autoprune tasks found, exiting... autopruneworker stdout | 2025-11-04 09:10:16,143 [59] [DEBUG] [data.database] Disconnecting from database. autopruneworker stdout | 2025-11-04 09:10:16,143 [59] [INFO] [apscheduler.executors.default] Job "AutoPruneWorker.prune (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:46 GMT)" executed successfully storagereplication stdout | 2025-11-04 09:10:16,247 [95] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'storagereplication.py', 'pid': '95'} storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open storagereplication stdout | h.request(req.get_method(), req.selector, req.data, headers, storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request storagereplication stdout | self._send_request(method, url, body, headers, encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request storagereplication stdout | self.endheaders(body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders storagereplication stdout | self._send_output(message_body, encode_chunked=encode_chunked) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output storagereplication stdout | self.send(msg) storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send storagereplication stdout | self.connect() storagereplication stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect storagereplication stdout | self.sock = self._create_connection( storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection storagereplication stdout | raise exceptions[0] storagereplication stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection storagereplication stdout | sock.connect(sa) storagereplication stdout | ConnectionRefusedError: [Errno 111] Connection refused storagereplication stdout | During handling of the above exception, another exception occurred: storagereplication stdout | Traceback (most recent call last): storagereplication stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run storagereplication stdout | push_to_gateway( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway storagereplication stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway storagereplication stdout | handler( storagereplication stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle storagereplication stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open storagereplication stdout | response = self._open(req, data) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open storagereplication stdout | result = self._call_chain(self.handle_open, protocol, protocol + storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain storagereplication stdout | result = func(*args) storagereplication stdout | ^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open storagereplication stdout | return self.do_open(http.client.HTTPConnection, req) storagereplication stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ storagereplication stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open storagereplication stdout | raise URLError(err) storagereplication stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:10:16,343 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:10:16,343 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:28.340417+00:00 (in 11.996640 seconds) exportactionlogsworker stdout | 2025-11-04 09:10:16,343 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:16 GMT)" (scheduled at 2025-11-04 09:10:16.343350+00:00) exportactionlogsworker stdout | 2025-11-04 09:10:16,344 [66] [DEBUG] [workers.queueworker] Running watchdog. exportactionlogsworker stdout | 2025-11-04 09:10:16,344 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:16 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:10:16,551 [71] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '71'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:10:16,557 [246] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '246'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:10:16,558 [249] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '249'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:10:16,578 [247] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '247'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: gunicorn-web stdout | 2025-11-04 09:10:16,591 [248] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'web:application', 'pid': '248'} gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-web stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-web stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-web stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-web stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-web stdout | self.send(msg) gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-web stdout | self.connect() gunicorn-web stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-web stdout | self.sock = self._create_connection( gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-web stdout | sock.connect(sa) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-web stdout | self._internal_connect(address) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-web stdout | raise _SocketError(err, strerror(err)) gunicorn-web stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-web stdout | During handling of the above exception, another exception occurred: gunicorn-web stdout | Traceback (most recent call last): gunicorn-web stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-web stdout | push_to_gateway( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-web stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-web stdout | handler( gunicorn-web stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-web stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-web stdout | response = self._open(req, data) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-web stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-web stdout | result = func(*args) gunicorn-web stdout | ^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-web stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-web stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-web stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-web stdout | raise URLError(err) gunicorn-web stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:10:18,845 [66] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'exportactionlogsworker.py', 'pid': '66'} exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open exportactionlogsworker stdout | h.request(req.get_method(), req.selector, req.data, headers, exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request exportactionlogsworker stdout | self._send_request(method, url, body, headers, encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request exportactionlogsworker stdout | self.endheaders(body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders exportactionlogsworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output exportactionlogsworker stdout | self.send(msg) exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send exportactionlogsworker stdout | self.connect() exportactionlogsworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect exportactionlogsworker stdout | self.sock = self._create_connection( exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection exportactionlogsworker stdout | raise exceptions[0] exportactionlogsworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection exportactionlogsworker stdout | sock.connect(sa) exportactionlogsworker stdout | ConnectionRefusedError: [Errno 111] Connection refused exportactionlogsworker stdout | During handling of the above exception, another exception occurred: exportactionlogsworker stdout | Traceback (most recent call last): exportactionlogsworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run exportactionlogsworker stdout | push_to_gateway( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway exportactionlogsworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway exportactionlogsworker stdout | handler( exportactionlogsworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle exportactionlogsworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open exportactionlogsworker stdout | response = self._open(req, data) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open exportactionlogsworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain exportactionlogsworker stdout | result = func(*args) exportactionlogsworker stdout | ^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open exportactionlogsworker stdout | return self.do_open(http.client.HTTPConnection, req) exportactionlogsworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ exportactionlogsworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open exportactionlogsworker stdout | raise URLError(err) exportactionlogsworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:10:19,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:10:19,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:29.156372+00:00 (in 9.999497 seconds) notificationworker stdout | 2025-11-04 09:10:19,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:29 GMT)" (scheduled at 2025-11-04 09:10:19.156372+00:00) notificationworker stdout | 2025-11-04 09:10:19,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:10:19,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 19, 157299), True, datetime.datetime(2025, 11, 4, 9, 10, 19, 157299), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:10:19,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:10:19,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:10:19,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:29 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:10:19,245 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:10:19,245 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:20.247243+00:00 (in 1.001399 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:10:19,246 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:19 GMT)" (scheduled at 2025-11-04 09:10:19.245377+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:10:19,246 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."subject_backfilled" = %s) OR ("t1"."subject_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:10:19,259 [74] [DEBUG] [__main__] Manifest subject backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:10:19,259 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:10:19,259 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_subject (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:19 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:10:19,636 [62] [DEBUG] [apscheduler.scheduler] Looking for jobs to run buildlogsarchiver stdout | 2025-11-04 09:10:19,636 [62] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:49.635986+00:00 (in 29.999240 seconds) buildlogsarchiver stdout | 2025-11-04 09:10:19,637 [62] [INFO] [apscheduler.executors.default] Running job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:49 GMT)" (scheduled at 2025-11-04 09:10:19.635986+00:00) buildlogsarchiver stdout | 2025-11-04 09:10:19,638 [62] [DEBUG] [peewee] ('SELECT "candidates"."id" FROM (SELECT "t1"."id" FROM "repositorybuild" AS "t1" WHERE ((("t1"."phase" IN (%s, %s, %s)) OR ("t1"."started" < %s)) AND ("t1"."logs_archived" = %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', ['complete', 'error', 'cancelled', datetime.datetime(2025, 10, 20, 9, 10, 19, 637608), False, 50, 1, 0]) buildlogsarchiver stdout | 2025-11-04 09:10:19,650 [62] [DEBUG] [__main__] No more builds to archive buildlogsarchiver stdout | 2025-11-04 09:10:19,650 [62] [DEBUG] [data.database] Disconnecting from database. buildlogsarchiver stdout | 2025-11-04 09:10:19,650 [62] [INFO] [apscheduler.executors.default] Job "ArchiveBuildLogsWorker._archive_redis_buildlogs (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:49 GMT)" executed successfully manifestsubjectbackfillworker stdout | 2025-11-04 09:10:20,247 [74] [DEBUG] [apscheduler.scheduler] Looking for jobs to run manifestsubjectbackfillworker stdout | 2025-11-04 09:10:20,247 [74] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:11:19.245377+00:00 (in 58.997642 seconds) manifestsubjectbackfillworker stdout | 2025-11-04 09:10:20,247 [74] [INFO] [apscheduler.executors.default] Running job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:20 GMT)" (scheduled at 2025-11-04 09:10:20.247243+00:00) manifestsubjectbackfillworker stdout | 2025-11-04 09:10:20,248 [74] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled" FROM "manifest" AS "t1" WHERE (("t1"."artifact_type_backfilled" = %s) OR ("t1"."artifact_type_backfilled" IS %s)) LIMIT %s OFFSET %s', [False, None, 1, 0]) manifestsubjectbackfillworker stdout | 2025-11-04 09:10:20,260 [74] [DEBUG] [__main__] Manifest artifact_type backfill worker has completed; skipping manifestsubjectbackfillworker stdout | 2025-11-04 09:10:20,260 [74] [DEBUG] [data.database] Disconnecting from database. manifestsubjectbackfillworker stdout | 2025-11-04 09:10:20,261 [74] [INFO] [apscheduler.executors.default] Job "ManifestSubjectBackfillWorker._backfill_manifest_artifact_type (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:20 GMT)" executed successfully pullstatsredisflushworker stdout | 2025-11-04 09:10:21,064 [80] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'pullstatsredisflushworker.py', 'pid': '80'} pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open pullstatsredisflushworker stdout | h.request(req.get_method(), req.selector, req.data, headers, pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request pullstatsredisflushworker stdout | self._send_request(method, url, body, headers, encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request pullstatsredisflushworker stdout | self.endheaders(body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders pullstatsredisflushworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output pullstatsredisflushworker stdout | self.send(msg) pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send pullstatsredisflushworker stdout | self.connect() pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect pullstatsredisflushworker stdout | self.sock = self._create_connection( pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection pullstatsredisflushworker stdout | raise exceptions[0] pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection pullstatsredisflushworker stdout | sock.connect(sa) pullstatsredisflushworker stdout | ConnectionRefusedError: [Errno 111] Connection refused pullstatsredisflushworker stdout | During handling of the above exception, another exception occurred: pullstatsredisflushworker stdout | Traceback (most recent call last): pullstatsredisflushworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run pullstatsredisflushworker stdout | push_to_gateway( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway pullstatsredisflushworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway pullstatsredisflushworker stdout | handler( pullstatsredisflushworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle pullstatsredisflushworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open pullstatsredisflushworker stdout | response = self._open(req, data) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open pullstatsredisflushworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain pullstatsredisflushworker stdout | result = func(*args) pullstatsredisflushworker stdout | ^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open pullstatsredisflushworker stdout | return self.do_open(http.client.HTTPConnection, req) pullstatsredisflushworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pullstatsredisflushworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open pullstatsredisflushworker stdout | raise URLError(err) pullstatsredisflushworker stdout | urllib.error.URLError: securityworker stdout | 2025-11-04 09:10:21,254 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:10:21,255 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:37.252445+00:00 (in 15.997114 seconds) securityworker stdout | 2025-11-04 09:10:21,255 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:51 GMT)" (scheduled at 2025-11-04 09:10:21.254713+00:00) securityworker stdout | 2025-11-04 09:10:21,255 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:10:21,255 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:10:21,258 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:10:21,261 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:21,272 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:21,272 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:10:21,272 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:10:21,272 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:10:21,274 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" LEFT OUTER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE ((("t2"."id" IS %s) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [None, 1, 49]) securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:10:21,279 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:10:21,280 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((("t2"."index_status" = %s) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-1, datetime.datetime(2025, 11, 4, 9, 5, 21, 261169), 1, 49]) securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stdout | 2025-11-04 09:10:21,284 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Total range: 1-49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Selected random hole 0 with 1 total holes securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Selecting from hole range: 1-49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Rand max bound: 1 securityworker stdout | 2025-11-04 09:10:21,285 [93] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."repository_id", "t1"."digest", "t1"."media_type_id", "t1"."manifest_bytes", "t1"."config_media_type", "t1"."layers_compressed_size", "t1"."subject", "t1"."subject_backfilled", "t1"."artifact_type", "t1"."artifact_type_backfilled", "t2"."id", "t2"."manifest_id", "t2"."repository_id", "t2"."index_status", "t2"."error_json", "t2"."last_indexed", "t2"."indexer_hash", "t2"."indexer_version", "t2"."metadata_json" FROM "manifest" AS "t1" INNER JOIN "manifestsecuritystatus" AS "t2" ON ("t2"."manifest_id" = "t1"."id") WHERE (((((("t2"."index_status" != %s) AND ("t2"."index_status" != %s)) AND ("t2"."indexer_hash" != %s)) AND ("t2"."last_indexed" < %s)) AND ("t1"."id" >= %s)) AND ("t1"."id" < %s)) ORDER BY "t1"."id"', [-2, -3, '37b46b4a70b6f1a19d5e4e18d21f57ff', datetime.datetime(2025, 11, 4, 9, 5, 21, 261169), 1, 49]) securityworker stdout | 2025-11-04 09:10:21,288 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] No candidates, marking entire block completed 1-49 by worker securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:10:21,288 [93] [DEBUG] [util.migrate.allocator] Marking the range completed: 1-49 securityworker stdout | 2025-11-04 09:10:21,288 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stdout | 2025-11-04 09:10:21,289 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stdout | 2025-11-04 09:10:21,289 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stdout | 2025-11-04 09:10:21,289 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stdout | 2025-11-04 09:10:21,289 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:10:21,289 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new max to: 1 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Discarding block and setting new min to: 49 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Total blocks: 0 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] Total range: 49-1 securityworker stderr | 2025-11-04 09:10:21 [93] [DEBUG] [util.migrate.allocator] No more work by worker securityworker stdout | 2025-11-04 09:10:21,289 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_recent_manifests_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:51 GMT)" executed successfully servicekey stdout | 2025-11-04 09:10:21,757 [94] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'servicekeyworker.py', 'pid': '94'} servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open servicekey stdout | h.request(req.get_method(), req.selector, req.data, headers, servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request servicekey stdout | self._send_request(method, url, body, headers, encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request servicekey stdout | self.endheaders(body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders servicekey stdout | self._send_output(message_body, encode_chunked=encode_chunked) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output servicekey stdout | self.send(msg) servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send servicekey stdout | self.connect() servicekey stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect servicekey stdout | self.sock = self._create_connection( servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection servicekey stdout | raise exceptions[0] servicekey stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection servicekey stdout | sock.connect(sa) servicekey stdout | ConnectionRefusedError: [Errno 111] Connection refused servicekey stdout | During handling of the above exception, another exception occurred: servicekey stdout | Traceback (most recent call last): servicekey stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run servicekey stdout | push_to_gateway( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway servicekey stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway servicekey stdout | handler( servicekey stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle servicekey stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open servicekey stdout | response = self._open(req, data) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open servicekey stdout | result = self._call_chain(self.handle_open, protocol, protocol + servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain servicekey stdout | result = func(*args) servicekey stdout | ^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open servicekey stdout | return self.do_open(http.client.HTTPConnection, req) servicekey stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ servicekey stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open servicekey stdout | raise URLError(err) servicekey stdout | urllib.error.URLError: builder stdout | 2025-11-04 09:10:21,957 [61] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'builder.py', 'pid': '61'} builder stdout | Traceback (most recent call last): builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open builder stdout | h.request(req.get_method(), req.selector, req.data, headers, builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request builder stdout | self._send_request(method, url, body, headers, encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request builder stdout | self.endheaders(body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders builder stdout | self._send_output(message_body, encode_chunked=encode_chunked) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output builder stdout | self.send(msg) builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send builder stdout | self.connect() builder stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect builder stdout | self.sock = self._create_connection( builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection builder stdout | raise exceptions[0] builder stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection builder stdout | sock.connect(sa) builder stdout | ConnectionRefusedError: [Errno 111] Connection refused builder stdout | During handling of the above exception, another exception occurred: builder stdout | Traceback (most recent call last): builder stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run builder stdout | push_to_gateway( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway builder stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway builder stdout | handler( builder stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle builder stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open builder stdout | response = self._open(req, data) builder stdout | ^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open builder stdout | result = self._call_chain(self.handle_open, protocol, protocol + builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain builder stdout | result = func(*args) builder stdout | ^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open builder stdout | return self.do_open(http.client.HTTPConnection, req) builder stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ builder stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open builder stdout | raise URLError(err) builder stdout | urllib.error.URLError: namespacegcworker stdout | 2025-11-04 09:10:22,053 [76] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'namespacegcworker.py', 'pid': '76'} namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open namespacegcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request namespacegcworker stdout | self._send_request(method, url, body, headers, encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request namespacegcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders namespacegcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output namespacegcworker stdout | self.send(msg) namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send namespacegcworker stdout | self.connect() namespacegcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect namespacegcworker stdout | self.sock = self._create_connection( namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection namespacegcworker stdout | raise exceptions[0] namespacegcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection namespacegcworker stdout | sock.connect(sa) namespacegcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused namespacegcworker stdout | During handling of the above exception, another exception occurred: namespacegcworker stdout | Traceback (most recent call last): namespacegcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run namespacegcworker stdout | push_to_gateway( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway namespacegcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway namespacegcworker stdout | handler( namespacegcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle namespacegcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open namespacegcworker stdout | response = self._open(req, data) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open namespacegcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain namespacegcworker stdout | result = func(*args) namespacegcworker stdout | ^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open namespacegcworker stdout | return self.do_open(http.client.HTTPConnection, req) namespacegcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ namespacegcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open namespacegcworker stdout | raise URLError(err) namespacegcworker stdout | urllib.error.URLError: manifestbackfillworker stdout | 2025-11-04 09:10:22,456 [73] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestbackfillworker.py', 'pid': '73'} manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestbackfillworker stdout | self.send(msg) manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestbackfillworker stdout | self.connect() manifestbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestbackfillworker stdout | self.sock = self._create_connection( manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestbackfillworker stdout | raise exceptions[0] manifestbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestbackfillworker stdout | sock.connect(sa) manifestbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestbackfillworker stdout | During handling of the above exception, another exception occurred: manifestbackfillworker stdout | Traceback (most recent call last): manifestbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestbackfillworker stdout | push_to_gateway( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestbackfillworker stdout | handler( manifestbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestbackfillworker stdout | response = self._open(req, data) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestbackfillworker stdout | result = func(*args) manifestbackfillworker stdout | ^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestbackfillworker stdout | raise URLError(err) manifestbackfillworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:10:24,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:10:24,140 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:27.142482+00:00 (in 3.001502 seconds) proxycacheblobworker stdout | 2025-11-04 09:10:24,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:34 GMT)" (scheduled at 2025-11-04 09:10:24.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:10:24,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:10:24,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 24, 141336), True, datetime.datetime(2025, 11, 4, 9, 10, 24, 141336), 0, 'proxycacheblob/%', 50, 1, 0]) teamsyncworker stdout | 2025-11-04 09:10:24,143 [96] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'teamsyncworker.py', 'pid': '96'} teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open teamsyncworker stdout | h.request(req.get_method(), req.selector, req.data, headers, teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request teamsyncworker stdout | self._send_request(method, url, body, headers, encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request teamsyncworker stdout | self.endheaders(body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders teamsyncworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output teamsyncworker stdout | self.send(msg) teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send teamsyncworker stdout | self.connect() teamsyncworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect teamsyncworker stdout | self.sock = self._create_connection( teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection teamsyncworker stdout | raise exceptions[0] teamsyncworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection teamsyncworker stdout | sock.connect(sa) teamsyncworker stdout | ConnectionRefusedError: [Errno 111] Connection refused teamsyncworker stdout | During handling of the above exception, another exception occurred: teamsyncworker stdout | Traceback (most recent call last): teamsyncworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run teamsyncworker stdout | push_to_gateway( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway teamsyncworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway teamsyncworker stdout | handler( teamsyncworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle teamsyncworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open teamsyncworker stdout | response = self._open(req, data) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open teamsyncworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain teamsyncworker stdout | result = func(*args) teamsyncworker stdout | ^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open teamsyncworker stdout | return self.do_open(http.client.HTTPConnection, req) teamsyncworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ teamsyncworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open teamsyncworker stdout | raise URLError(err) teamsyncworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:10:24,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:10:24,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:10:24,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:34 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:10:24,516 [249] [DEBUG] [app] Starting request: urn:request:17eb1286-e64a-45ac-bbd1-ad667a6c2963 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:10:24,517 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:10:24,519 [257] [DEBUG] [app] Starting request: urn:request:8932b83e-3ef6-4427-a687-4071a69e40ab (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:10:24,519 [257] [DEBUG] [app] Ending request: urn:request:8932b83e-3ef6-4427-a687-4071a69e40ab (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:8932b83e-3ef6-4427-a687-4071a69e40ab', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:10:24,520 [257] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:10:24,520 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:10:24,521 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:10:24,522 [248] [DEBUG] [app] Starting request: urn:request:f2b1390d-0daa-4c5c-8585-116f1dbabf97 (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:10:24,523 [248] [DEBUG] [app] Ending request: urn:request:f2b1390d-0daa-4c5c-8585-116f1dbabf97 (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:f2b1390d-0daa-4c5c-8585-116f1dbabf97', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.002) gunicorn-web stdout | 2025-11-04 09:10:24,523 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:10:24,523 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:10:24,523 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:10:24,523 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:10:24,523 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:10:24,531 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:10:24,531 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:10:24,540 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:10:24,544 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:10:24,546 [249] [DEBUG] [app] Ending request: urn:request:17eb1286-e64a-45ac-bbd1-ad667a6c2963 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:17eb1286-e64a-45ac-bbd1-ad667a6c2963', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:10:24,547 [249] [DEBUG] [data.database] Disconnecting from database. nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:10:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.032 118 0.032) gunicorn-web stdout | 2025-11-04 09:10:24,547 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:10:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" gunicorn-web stdout | 2025-11-04 09:10:24,588 [249] [DEBUG] [app] Starting request: urn:request:3607ef11-45b4-4517-a38b-5c8313b23ee2 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:10:24,590 [263] [DEBUG] [app] Starting request: urn:request:e5de7e19-5752-4237-a004-fe1a55d0be8d (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:10:24,590 [263] [DEBUG] [app] Ending request: urn:request:e5de7e19-5752-4237-a004-fe1a55d0be8d (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:e5de7e19-5752-4237-a004-fe1a55d0be8d', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:10:24,590 [263] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:24 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 162 0.002) gunicorn-web stdout | 2025-11-04 09:10:24,590 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:10:24,591 [249] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:10:24,593 [248] [DEBUG] [app] Starting request: urn:request:c09b5619-25b0-4ef3-b2d1-d21c08615a9a (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:10:24,593 [248] [DEBUG] [app] Ending request: urn:request:c09b5619-25b0-4ef3-b2d1-d21c08615a9a (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:c09b5619-25b0-4ef3-b2d1-d21c08615a9a', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:10:24,594 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:24 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:10:24,594 [249] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:24 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.001 159 0.001) gunicorn-web stdout | 2025-11-04 09:10:24,594 [249] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:10:24,594 [249] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:10:24,594 [249] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:10:24,601 [249] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:10:24,601 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:10:24,611 [249] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:10:24,614 [249] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:10:24,617 [249] [DEBUG] [app] Ending request: urn:request:3607ef11-45b4-4517-a38b-5c8313b23ee2 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:3607ef11-45b4-4517-a38b-5c8313b23ee2', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:10:24,617 [249] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:10:24,618 [249] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:10:24 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:10:24 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.030 118 0.030) globalpromstats stdout | 2025-11-04 09:10:25,735 [68] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'globalpromstats.py', 'pid': '68'} globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open globalpromstats stdout | h.request(req.get_method(), req.selector, req.data, headers, globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request globalpromstats stdout | self._send_request(method, url, body, headers, encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request globalpromstats stdout | self.endheaders(body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders globalpromstats stdout | self._send_output(message_body, encode_chunked=encode_chunked) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output globalpromstats stdout | self.send(msg) globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send globalpromstats stdout | self.connect() globalpromstats stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect globalpromstats stdout | self.sock = self._create_connection( globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection globalpromstats stdout | raise exceptions[0] globalpromstats stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection globalpromstats stdout | sock.connect(sa) globalpromstats stdout | ConnectionRefusedError: [Errno 111] Connection refused globalpromstats stdout | During handling of the above exception, another exception occurred: globalpromstats stdout | Traceback (most recent call last): globalpromstats stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run globalpromstats stdout | push_to_gateway( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway globalpromstats stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway globalpromstats stdout | handler( globalpromstats stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle globalpromstats stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open globalpromstats stdout | response = self._open(req, data) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open globalpromstats stdout | result = self._call_chain(self.handle_open, protocol, protocol + globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain globalpromstats stdout | result = func(*args) globalpromstats stdout | ^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open globalpromstats stdout | return self.do_open(http.client.HTTPConnection, req) globalpromstats stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ globalpromstats stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open globalpromstats stdout | raise URLError(err) globalpromstats stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:10:25,956 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:10:25,957 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:34.952363+00:00 (in 8.995280 seconds) gcworker stdout | 2025-11-04 09:10:25,957 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:55 GMT)" (scheduled at 2025-11-04 09:10:25.956600+00:00) gcworker stdout | 2025-11-04 09:10:25,957 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "externalnotificationevent" AS "t1" WHERE ("t1"."name" = %s) LIMIT %s OFFSET %s', ['repo_image_expiry', 1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:10:25,963 [82] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotaregistrysizeworker.py', 'pid': '82'} quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotaregistrysizeworker stdout | h.request(req.get_method(), req.selector, req.data, headers, quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotaregistrysizeworker stdout | self._send_request(method, url, body, headers, encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotaregistrysizeworker stdout | self.endheaders(body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotaregistrysizeworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotaregistrysizeworker stdout | self.send(msg) quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotaregistrysizeworker stdout | self.connect() quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotaregistrysizeworker stdout | self.sock = self._create_connection( quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotaregistrysizeworker stdout | raise exceptions[0] quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotaregistrysizeworker stdout | sock.connect(sa) quotaregistrysizeworker stdout | ConnectionRefusedError: [Errno 111] Connection refused quotaregistrysizeworker stdout | During handling of the above exception, another exception occurred: quotaregistrysizeworker stdout | Traceback (most recent call last): quotaregistrysizeworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotaregistrysizeworker stdout | push_to_gateway( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotaregistrysizeworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotaregistrysizeworker stdout | handler( quotaregistrysizeworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotaregistrysizeworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotaregistrysizeworker stdout | response = self._open(req, data) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotaregistrysizeworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotaregistrysizeworker stdout | result = func(*args) quotaregistrysizeworker stdout | ^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotaregistrysizeworker stdout | return self.do_open(http.client.HTTPConnection, req) quotaregistrysizeworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotaregistrysizeworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotaregistrysizeworker stdout | raise URLError(err) quotaregistrysizeworker stdout | urllib.error.URLError: gcworker stdout | 2025-11-04 09:10:25,969 [67] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."uuid", "t1"."method_id", "t1"."repository_id", "t1"."event_config_json" FROM "repositorynotification" AS "t1" WHERE ((("t1"."event_id" = %s) AND ("t1"."number_of_failures" < %s)) AND (("t1"."last_ran_ms" < %s) OR ("t1"."last_ran_ms" IS %s))) ORDER BY "t1"."last_ran_ms" ASC NULLS first LIMIT %s OFFSET %s FOR UPDATE SKIP LOCKED', [11, 3, 1762247125969, None, 1, 0]) gcworker stdout | 2025-11-04 09:10:25,973 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:10:25,973 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._scan_notifications (trigger: interval[0:00:30], next run at: 2025-11-04 09:10:55 GMT)" executed successfully chunkcleanupworker stdout | 2025-11-04 09:10:26,257 [63] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'chunkcleanupworker.py', 'pid': '63'} chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open chunkcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request chunkcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request chunkcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders chunkcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output chunkcleanupworker stdout | self.send(msg) chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send chunkcleanupworker stdout | self.connect() chunkcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect chunkcleanupworker stdout | self.sock = self._create_connection( chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection chunkcleanupworker stdout | raise exceptions[0] chunkcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection chunkcleanupworker stdout | sock.connect(sa) chunkcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused chunkcleanupworker stdout | During handling of the above exception, another exception occurred: chunkcleanupworker stdout | Traceback (most recent call last): chunkcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run chunkcleanupworker stdout | push_to_gateway( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway chunkcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway chunkcleanupworker stdout | handler( chunkcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle chunkcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open chunkcleanupworker stdout | response = self._open(req, data) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open chunkcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain chunkcleanupworker stdout | result = func(*args) chunkcleanupworker stdout | ^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open chunkcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) chunkcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ chunkcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open chunkcleanupworker stdout | raise URLError(err) chunkcleanupworker stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:10:26,958 [79] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'proxycacheblobworker.py', 'pid': '79'} proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open proxycacheblobworker stdout | h.request(req.get_method(), req.selector, req.data, headers, proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request proxycacheblobworker stdout | self._send_request(method, url, body, headers, encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request proxycacheblobworker stdout | self.endheaders(body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders proxycacheblobworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output proxycacheblobworker stdout | self.send(msg) proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send proxycacheblobworker stdout | self.connect() proxycacheblobworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect proxycacheblobworker stdout | self.sock = self._create_connection( proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection proxycacheblobworker stdout | raise exceptions[0] proxycacheblobworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection proxycacheblobworker stdout | sock.connect(sa) proxycacheblobworker stdout | ConnectionRefusedError: [Errno 111] Connection refused proxycacheblobworker stdout | During handling of the above exception, another exception occurred: proxycacheblobworker stdout | Traceback (most recent call last): proxycacheblobworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run proxycacheblobworker stdout | push_to_gateway( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway proxycacheblobworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway proxycacheblobworker stdout | handler( proxycacheblobworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle proxycacheblobworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open proxycacheblobworker stdout | response = self._open(req, data) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open proxycacheblobworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain proxycacheblobworker stdout | result = func(*args) proxycacheblobworker stdout | ^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open proxycacheblobworker stdout | return self.do_open(http.client.HTTPConnection, req) proxycacheblobworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ proxycacheblobworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open proxycacheblobworker stdout | raise URLError(err) proxycacheblobworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:10:27,064 [86] [DEBUG] [apscheduler.scheduler] Looking for jobs to run repositorygcworker stdout | 2025-11-04 09:10:27,064 [86] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:51.065407+00:00 (in 24.001012 seconds) repositorygcworker stdout | 2025-11-04 09:10:27,064 [86] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:27 GMT)" (scheduled at 2025-11-04 09:10:27.063966+00:00) repositorygcworker stdout | 2025-11-04 09:10:27,064 [86] [DEBUG] [workers.queueworker] Getting work item from queue. repositorygcworker stdout | 2025-11-04 09:10:27,065 [86] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 27, 64741), True, datetime.datetime(2025, 11, 4, 9, 10, 27, 64741), 0, 'repositorygc/%', 50, 1, 0]) repositorygcworker stdout | 2025-11-04 09:10:27,077 [86] [DEBUG] [workers.queueworker] No more work. repositorygcworker stdout | 2025-11-04 09:10:27,077 [86] [DEBUG] [data.database] Disconnecting from database. repositorygcworker stdout | 2025-11-04 09:10:27,077 [86] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:27 GMT)" executed successfully proxycacheblobworker stdout | 2025-11-04 09:10:27,142 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:10:27,143 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:34.140529+00:00 (in 6.997307 seconds) proxycacheblobworker stdout | 2025-11-04 09:10:27,143 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:27 GMT)" (scheduled at 2025-11-04 09:10:27.142482+00:00) proxycacheblobworker stdout | 2025-11-04 09:10:27,143 [79] [DEBUG] [workers.queueworker] Running watchdog. proxycacheblobworker stdout | 2025-11-04 09:10:27,143 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:27 GMT)" executed successfully queuecleanupworker stdout | 2025-11-04 09:10:27,453 [81] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'queuecleanupworker.py', 'pid': '81'} queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open queuecleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request queuecleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request queuecleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders queuecleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output queuecleanupworker stdout | self.send(msg) queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send queuecleanupworker stdout | self.connect() queuecleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect queuecleanupworker stdout | self.sock = self._create_connection( queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection queuecleanupworker stdout | raise exceptions[0] queuecleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection queuecleanupworker stdout | sock.connect(sa) queuecleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused queuecleanupworker stdout | During handling of the above exception, another exception occurred: queuecleanupworker stdout | Traceback (most recent call last): queuecleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run queuecleanupworker stdout | push_to_gateway( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway queuecleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway queuecleanupworker stdout | handler( queuecleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle queuecleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open queuecleanupworker stdout | response = self._open(req, data) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open queuecleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain queuecleanupworker stdout | result = func(*args) queuecleanupworker stdout | ^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open queuecleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) queuecleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ queuecleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open queuecleanupworker stdout | raise URLError(err) queuecleanupworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:10:27,649 [87] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityscanningnotificationworker.py', 'pid': '87'} securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityscanningnotificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityscanningnotificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityscanningnotificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityscanningnotificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityscanningnotificationworker stdout | self.send(msg) securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityscanningnotificationworker stdout | self.connect() securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityscanningnotificationworker stdout | self.sock = self._create_connection( securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityscanningnotificationworker stdout | raise exceptions[0] securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityscanningnotificationworker stdout | sock.connect(sa) securityscanningnotificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityscanningnotificationworker stdout | During handling of the above exception, another exception occurred: securityscanningnotificationworker stdout | Traceback (most recent call last): securityscanningnotificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityscanningnotificationworker stdout | push_to_gateway( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityscanningnotificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityscanningnotificationworker stdout | handler( securityscanningnotificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityscanningnotificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityscanningnotificationworker stdout | response = self._open(req, data) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityscanningnotificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityscanningnotificationworker stdout | result = func(*args) securityscanningnotificationworker stdout | ^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityscanningnotificationworker stdout | return self.do_open(http.client.HTTPConnection, req) securityscanningnotificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityscanningnotificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityscanningnotificationworker stdout | raise URLError(err) securityscanningnotificationworker stdout | urllib.error.URLError: securityscanningnotificationworker stdout | 2025-11-04 09:10:27,746 [87] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityscanningnotificationworker stdout | 2025-11-04 09:10:27,746 [87] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:11:10.743793+00:00 (in 42.997530 seconds) securityscanningnotificationworker stdout | 2025-11-04 09:10:27,746 [87] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:27 GMT)" (scheduled at 2025-11-04 09:10:27.745810+00:00) securityscanningnotificationworker stdout | 2025-11-04 09:10:27,746 [87] [DEBUG] [workers.queueworker] Running watchdog. securityscanningnotificationworker stdout | 2025-11-04 09:10:27,746 [87] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:27 GMT)" executed successfully blobuploadcleanupworker stdout | 2025-11-04 09:10:27,871 [60] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'blobuploadcleanupworker.py', 'pid': '60'} blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open blobuploadcleanupworker stdout | h.request(req.get_method(), req.selector, req.data, headers, blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request blobuploadcleanupworker stdout | self._send_request(method, url, body, headers, encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request blobuploadcleanupworker stdout | self.endheaders(body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders blobuploadcleanupworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output blobuploadcleanupworker stdout | self.send(msg) blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send blobuploadcleanupworker stdout | self.connect() blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect blobuploadcleanupworker stdout | self.sock = self._create_connection( blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection blobuploadcleanupworker stdout | raise exceptions[0] blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection blobuploadcleanupworker stdout | sock.connect(sa) blobuploadcleanupworker stdout | ConnectionRefusedError: [Errno 111] Connection refused blobuploadcleanupworker stdout | During handling of the above exception, another exception occurred: blobuploadcleanupworker stdout | Traceback (most recent call last): blobuploadcleanupworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run blobuploadcleanupworker stdout | push_to_gateway( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway blobuploadcleanupworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway blobuploadcleanupworker stdout | handler( blobuploadcleanupworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle blobuploadcleanupworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open blobuploadcleanupworker stdout | response = self._open(req, data) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open blobuploadcleanupworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain blobuploadcleanupworker stdout | result = func(*args) blobuploadcleanupworker stdout | ^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open blobuploadcleanupworker stdout | return self.do_open(http.client.HTTPConnection, req) blobuploadcleanupworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ blobuploadcleanupworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open blobuploadcleanupworker stdout | raise URLError(err) blobuploadcleanupworker stdout | urllib.error.URLError: exportactionlogsworker stdout | 2025-11-04 09:10:28,340 [66] [DEBUG] [apscheduler.scheduler] Looking for jobs to run exportactionlogsworker stdout | 2025-11-04 09:10:28,340 [66] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:11:16.343350+00:00 (in 48.002491 seconds) exportactionlogsworker stdout | 2025-11-04 09:10:28,341 [66] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:28 GMT)" (scheduled at 2025-11-04 09:10:28.340417+00:00) exportactionlogsworker stdout | 2025-11-04 09:10:28,341 [66] [DEBUG] [workers.queueworker] Getting work item from queue. exportactionlogsworker stdout | 2025-11-04 09:10:28,341 [66] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 28, 341203), True, datetime.datetime(2025, 11, 4, 9, 10, 28, 341203), 0, 'exportactionlogs/%', 50, 1, 0]) exportactionlogsworker stdout | 2025-11-04 09:10:28,354 [66] [DEBUG] [workers.queueworker] No more work. exportactionlogsworker stdout | 2025-11-04 09:10:28,355 [66] [DEBUG] [data.database] Disconnecting from database. exportactionlogsworker stdout | 2025-11-04 09:10:28,355 [66] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:28 GMT)" executed successfully expiredappspecifictokenworker stdout | 2025-11-04 09:10:28,547 [65] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'expiredappspecifictokenworker.py', 'pid': '65'} expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open expiredappspecifictokenworker stdout | h.request(req.get_method(), req.selector, req.data, headers, expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request expiredappspecifictokenworker stdout | self._send_request(method, url, body, headers, encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request expiredappspecifictokenworker stdout | self.endheaders(body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders expiredappspecifictokenworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output expiredappspecifictokenworker stdout | self.send(msg) expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send expiredappspecifictokenworker stdout | self.connect() expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect expiredappspecifictokenworker stdout | self.sock = self._create_connection( expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection expiredappspecifictokenworker stdout | raise exceptions[0] expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection expiredappspecifictokenworker stdout | sock.connect(sa) expiredappspecifictokenworker stdout | ConnectionRefusedError: [Errno 111] Connection refused expiredappspecifictokenworker stdout | During handling of the above exception, another exception occurred: expiredappspecifictokenworker stdout | Traceback (most recent call last): expiredappspecifictokenworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run expiredappspecifictokenworker stdout | push_to_gateway( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway expiredappspecifictokenworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway expiredappspecifictokenworker stdout | handler( expiredappspecifictokenworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle expiredappspecifictokenworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open expiredappspecifictokenworker stdout | response = self._open(req, data) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open expiredappspecifictokenworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain expiredappspecifictokenworker stdout | result = func(*args) expiredappspecifictokenworker stdout | ^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open expiredappspecifictokenworker stdout | return self.do_open(http.client.HTTPConnection, req) expiredappspecifictokenworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ expiredappspecifictokenworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open expiredappspecifictokenworker stdout | raise URLError(err) expiredappspecifictokenworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:10:29,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:10:29,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:29.157944+00:00 (in 0.001092 seconds) notificationworker stdout | 2025-11-04 09:10:29,157 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:39 GMT)" (scheduled at 2025-11-04 09:10:29.156372+00:00) notificationworker stdout | 2025-11-04 09:10:29,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:10:29,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 29, 157220), True, datetime.datetime(2025, 11, 4, 9, 10, 29, 157220), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:10:29,158 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:10:29,158 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:39.156372+00:00 (in 9.998179 seconds) notificationworker stdout | 2025-11-04 09:10:29,158 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:29 GMT)" (scheduled at 2025-11-04 09:10:29.157944+00:00) notificationworker stdout | 2025-11-04 09:10:29,158 [78] [DEBUG] [workers.queueworker] Running watchdog. notificationworker stdout | 2025-11-04 09:10:29,158 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:29 GMT)" executed successfully notificationworker stdout | 2025-11-04 09:10:29,170 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:10:29,170 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:10:29,170 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:39 GMT)" executed successfully buildlogsarchiver stdout | 2025-11-04 09:10:29,462 [62] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'buildlogsarchiver.py', 'pid': '62'} buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open buildlogsarchiver stdout | h.request(req.get_method(), req.selector, req.data, headers, buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request buildlogsarchiver stdout | self._send_request(method, url, body, headers, encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request buildlogsarchiver stdout | self.endheaders(body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders buildlogsarchiver stdout | self._send_output(message_body, encode_chunked=encode_chunked) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output buildlogsarchiver stdout | self.send(msg) buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send buildlogsarchiver stdout | self.connect() buildlogsarchiver stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect buildlogsarchiver stdout | self.sock = self._create_connection( buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection buildlogsarchiver stdout | raise exceptions[0] buildlogsarchiver stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection buildlogsarchiver stdout | sock.connect(sa) buildlogsarchiver stdout | ConnectionRefusedError: [Errno 111] Connection refused buildlogsarchiver stdout | During handling of the above exception, another exception occurred: buildlogsarchiver stdout | Traceback (most recent call last): buildlogsarchiver stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run buildlogsarchiver stdout | push_to_gateway( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway buildlogsarchiver stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway buildlogsarchiver stdout | handler( buildlogsarchiver stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle buildlogsarchiver stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open buildlogsarchiver stdout | response = self._open(req, data) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open buildlogsarchiver stdout | result = self._call_chain(self.handle_open, protocol, protocol + buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain buildlogsarchiver stdout | result = func(*args) buildlogsarchiver stdout | ^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open buildlogsarchiver stdout | return self.do_open(http.client.HTTPConnection, req) buildlogsarchiver stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ buildlogsarchiver stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open buildlogsarchiver stdout | raise URLError(err) buildlogsarchiver stdout | urllib.error.URLError: logrotateworker stdout | 2025-11-04 09:10:29,657 [72] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'logrotateworker.py', 'pid': '72'} logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open logrotateworker stdout | h.request(req.get_method(), req.selector, req.data, headers, logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request logrotateworker stdout | self._send_request(method, url, body, headers, encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request logrotateworker stdout | self.endheaders(body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders logrotateworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output logrotateworker stdout | self.send(msg) logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send logrotateworker stdout | self.connect() logrotateworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect logrotateworker stdout | self.sock = self._create_connection( logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection logrotateworker stdout | raise exceptions[0] logrotateworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection logrotateworker stdout | sock.connect(sa) logrotateworker stdout | ConnectionRefusedError: [Errno 111] Connection refused logrotateworker stdout | During handling of the above exception, another exception occurred: logrotateworker stdout | Traceback (most recent call last): logrotateworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run logrotateworker stdout | push_to_gateway( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway logrotateworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway logrotateworker stdout | handler( logrotateworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle logrotateworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open logrotateworker stdout | response = self._open(req, data) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open logrotateworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain logrotateworker stdout | result = func(*args) logrotateworker stdout | ^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open logrotateworker stdout | return self.do_open(http.client.HTTPConnection, req) logrotateworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ logrotateworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open logrotateworker stdout | raise URLError(err) logrotateworker stdout | urllib.error.URLError: repositorygcworker stdout | 2025-11-04 09:10:30,664 [86] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositorygcworker.py', 'pid': '86'} repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositorygcworker stdout | h.request(req.get_method(), req.selector, req.data, headers, repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositorygcworker stdout | self._send_request(method, url, body, headers, encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositorygcworker stdout | self.endheaders(body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositorygcworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositorygcworker stdout | self.send(msg) repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositorygcworker stdout | self.connect() repositorygcworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositorygcworker stdout | self.sock = self._create_connection( repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositorygcworker stdout | raise exceptions[0] repositorygcworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositorygcworker stdout | sock.connect(sa) repositorygcworker stdout | ConnectionRefusedError: [Errno 111] Connection refused repositorygcworker stdout | During handling of the above exception, another exception occurred: repositorygcworker stdout | Traceback (most recent call last): repositorygcworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositorygcworker stdout | push_to_gateway( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositorygcworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositorygcworker stdout | handler( repositorygcworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositorygcworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositorygcworker stdout | response = self._open(req, data) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositorygcworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositorygcworker stdout | result = func(*args) repositorygcworker stdout | ^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositorygcworker stdout | return self.do_open(http.client.HTTPConnection, req) repositorygcworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositorygcworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositorygcworker stdout | raise URLError(err) repositorygcworker stdout | urllib.error.URLError: repositoryactioncounter stdout | 2025-11-04 09:10:30,755 [85] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'repositoryactioncounter.py', 'pid': '85'} repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open repositoryactioncounter stdout | h.request(req.get_method(), req.selector, req.data, headers, repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request repositoryactioncounter stdout | self._send_request(method, url, body, headers, encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request repositoryactioncounter stdout | self.endheaders(body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders repositoryactioncounter stdout | self._send_output(message_body, encode_chunked=encode_chunked) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output repositoryactioncounter stdout | self.send(msg) repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send repositoryactioncounter stdout | self.connect() repositoryactioncounter stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect repositoryactioncounter stdout | self.sock = self._create_connection( repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection repositoryactioncounter stdout | raise exceptions[0] repositoryactioncounter stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection repositoryactioncounter stdout | sock.connect(sa) repositoryactioncounter stdout | ConnectionRefusedError: [Errno 111] Connection refused repositoryactioncounter stdout | During handling of the above exception, another exception occurred: repositoryactioncounter stdout | Traceback (most recent call last): repositoryactioncounter stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run repositoryactioncounter stdout | push_to_gateway( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway repositoryactioncounter stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway repositoryactioncounter stdout | handler( repositoryactioncounter stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle repositoryactioncounter stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open repositoryactioncounter stdout | response = self._open(req, data) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open repositoryactioncounter stdout | result = self._call_chain(self.handle_open, protocol, protocol + repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain repositoryactioncounter stdout | result = func(*args) repositoryactioncounter stdout | ^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open repositoryactioncounter stdout | return self.do_open(http.client.HTTPConnection, req) repositoryactioncounter stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ repositoryactioncounter stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open repositoryactioncounter stdout | raise URLError(err) repositoryactioncounter stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:10:31,535 [252] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '252'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:10:31,542 [253] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '253'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: gunicorn-secscan stdout | 2025-11-04 09:10:31,543 [70] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'secscan:application', 'pid': '70'} gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-secscan stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-secscan stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-secscan stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-secscan stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-secscan stdout | self.send(msg) gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-secscan stdout | self.connect() gunicorn-secscan stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-secscan stdout | self.sock = self._create_connection( gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-secscan stdout | sock.connect(sa) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-secscan stdout | self._internal_connect(address) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-secscan stdout | raise _SocketError(err, strerror(err)) gunicorn-secscan stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-secscan stdout | During handling of the above exception, another exception occurred: gunicorn-secscan stdout | Traceback (most recent call last): gunicorn-secscan stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-secscan stdout | push_to_gateway( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-secscan stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-secscan stdout | handler( gunicorn-secscan stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-secscan stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-secscan stdout | response = self._open(req, data) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-secscan stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-secscan stdout | result = func(*args) gunicorn-secscan stdout | ^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-secscan stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-secscan stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-secscan stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-secscan stdout | raise URLError(err) gunicorn-secscan stdout | urllib.error.URLError: quotaregistrysizeworker stdout | 2025-11-04 09:10:31,643 [82] [DEBUG] [apscheduler.scheduler] Looking for jobs to run quotaregistrysizeworker stdout | 2025-11-04 09:10:31,643 [82] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:11:31.643382+00:00 (in 59.999492 seconds) quotaregistrysizeworker stdout | 2025-11-04 09:10:31,644 [82] [INFO] [apscheduler.executors.default] Running job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:31 GMT)" (scheduled at 2025-11-04 09:10:31.643382+00:00) quotaregistrysizeworker stdout | 2025-11-04 09:10:31,644 [82] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."size_bytes", "t1"."running", "t1"."queued", "t1"."completed_ms" FROM "quotaregistrysize" AS "t1" LIMIT %s OFFSET %s', [1, 0]) quotaregistrysizeworker stdout | 2025-11-04 09:10:31,656 [82] [DEBUG] [data.database] Disconnecting from database. quotaregistrysizeworker stdout | 2025-11-04 09:10:31,656 [82] [INFO] [apscheduler.executors.default] Job "QuotaRegistrySizeWorker._calculate_registry_size (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:31 GMT)" executed successfully gunicorn-registry stdout | 2025-11-04 09:10:33,817 [263] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '263'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:33,818 [69] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '69'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:33,921 [257] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '257'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:33,922 [264] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '264'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:33,924 [259] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '259'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:33,941 [261] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '261'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:33,941 [262] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '262'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:33,947 [260] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '260'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: gunicorn-registry stdout | 2025-11-04 09:10:33,954 [258] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'registry:application', 'pid': '258'} gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open gunicorn-registry stdout | h.request(req.get_method(), req.selector, req.data, headers, gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request gunicorn-registry stdout | self._send_request(method, url, body, headers, encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request gunicorn-registry stdout | self.endheaders(body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders gunicorn-registry stdout | self._send_output(message_body, encode_chunked=encode_chunked) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output gunicorn-registry stdout | self.send(msg) gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send gunicorn-registry stdout | self.connect() gunicorn-registry stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect gunicorn-registry stdout | self.sock = self._create_connection( gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/socket.py", line 115, in create_connection gunicorn-registry stdout | sock.connect(sa) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 586, in connect gunicorn-registry stdout | self._internal_connect(address) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/gevent/_socketcommon.py", line 630, in _internal_connect gunicorn-registry stdout | raise _SocketError(err, strerror(err)) gunicorn-registry stdout | ConnectionRefusedError: [Errno 111] Connection refused gunicorn-registry stdout | During handling of the above exception, another exception occurred: gunicorn-registry stdout | Traceback (most recent call last): gunicorn-registry stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run gunicorn-registry stdout | push_to_gateway( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway gunicorn-registry stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway gunicorn-registry stdout | handler( gunicorn-registry stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle gunicorn-registry stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open gunicorn-registry stdout | response = self._open(req, data) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open gunicorn-registry stdout | result = self._call_chain(self.handle_open, protocol, protocol + gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain gunicorn-registry stdout | result = func(*args) gunicorn-registry stdout | ^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open gunicorn-registry stdout | return self.do_open(http.client.HTTPConnection, req) gunicorn-registry stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ gunicorn-registry stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open gunicorn-registry stdout | raise URLError(err) gunicorn-registry stdout | urllib.error.URLError: proxycacheblobworker stdout | 2025-11-04 09:10:34,140 [79] [DEBUG] [apscheduler.scheduler] Looking for jobs to run proxycacheblobworker stdout | 2025-11-04 09:10:34,141 [79] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:44.140529+00:00 (in 9.999533 seconds) proxycacheblobworker stdout | 2025-11-04 09:10:34,141 [79] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:44 GMT)" (scheduled at 2025-11-04 09:10:34.140529+00:00) proxycacheblobworker stdout | 2025-11-04 09:10:34,141 [79] [DEBUG] [workers.queueworker] Getting work item from queue. proxycacheblobworker stdout | 2025-11-04 09:10:34,142 [79] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 34, 141356), True, datetime.datetime(2025, 11, 4, 9, 10, 34, 141356), 0, 'proxycacheblob/%', 50, 1, 0]) proxycacheblobworker stdout | 2025-11-04 09:10:34,155 [79] [DEBUG] [workers.queueworker] No more work. proxycacheblobworker stdout | 2025-11-04 09:10:34,155 [79] [DEBUG] [data.database] Disconnecting from database. proxycacheblobworker stdout | 2025-11-04 09:10:34,155 [79] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:44 GMT)" executed successfully gcworker stdout | 2025-11-04 09:10:34,952 [67] [DEBUG] [apscheduler.scheduler] Looking for jobs to run gcworker stdout | 2025-11-04 09:10:34,952 [67] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:55.956600+00:00 (in 21.003770 seconds) gcworker stdout | 2025-11-04 09:10:34,953 [67] [INFO] [apscheduler.executors.default] Running job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:11:04 GMT)" (scheduled at 2025-11-04 09:10:34.952363+00:00) gcworker stdout | 2025-11-04 09:10:34,954 [67] [DEBUG] [peewee] ('SELECT "candidates"."repository_id" FROM (SELECT DISTINCT "t1"."repository_id" FROM "tag" AS "t1" INNER JOIN "repository" AS "t2" ON ("t1"."repository_id" = "t2"."id") INNER JOIN "user" AS "t3" ON ("t2"."namespace_user_id" = "t3"."id") WHERE ((((NOT ("t1"."lifetime_end_ms" IS %s) AND ("t1"."lifetime_end_ms" <= %s)) AND ("t3"."removed_tag_expiration_s" = %s)) AND ("t3"."enabled" = %s)) AND ("t2"."state" != %s)) LIMIT %s) AS "candidates" ORDER BY Random() LIMIT %s OFFSET %s', [None, 1761037834953, 1209600, True, 3, 500, 1, 0]) gcworker stdout | 2025-11-04 09:10:34,968 [67] [DEBUG] [__main__] No repository with garbage found gcworker stdout | 2025-11-04 09:10:34,968 [67] [DEBUG] [data.database] Disconnecting from database. gcworker stdout | 2025-11-04 09:10:34,968 [67] [INFO] [apscheduler.executors.default] Job "GarbageCollectionWorker._garbage_collection_repos (trigger: interval[0:00:30], next run at: 2025-11-04 09:11:04 GMT)" executed successfully reconciliationworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'reconciliationworker.py', 'pid': '84'} reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open reconciliationworker stderr | h.request(req.get_method(), req.selector, req.data, headers, reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request reconciliationworker stderr | self._send_request(method, url, body, headers, encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request reconciliationworker stderr | self.endheaders(body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders reconciliationworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output reconciliationworker stderr | self.send(msg) reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send reconciliationworker stderr | self.connect() reconciliationworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect reconciliationworker stderr | self.sock = self._create_connection( reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection reconciliationworker stderr | raise exceptions[0] reconciliationworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection reconciliationworker stderr | sock.connect(sa) reconciliationworker stderr | ConnectionRefusedError: [Errno 111] Connection refused reconciliationworker stderr | During handling of the above exception, another exception occurred: reconciliationworker stderr | Traceback (most recent call last): reconciliationworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run reconciliationworker stderr | push_to_gateway( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway reconciliationworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway reconciliationworker stderr | handler( reconciliationworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle reconciliationworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open reconciliationworker stderr | response = self._open(req, data) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open reconciliationworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain reconciliationworker stderr | result = func(*args) reconciliationworker stderr | ^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open reconciliationworker stderr | return self.do_open(http.client.HTTPConnection, req) reconciliationworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reconciliationworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open reconciliationworker stderr | raise URLError(err) reconciliationworker stderr | urllib.error.URLError: quotatotalworker stderr | failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'quotatotalworker.py', 'pid': '83'} quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open quotatotalworker stderr | h.request(req.get_method(), req.selector, req.data, headers, quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1338, in request quotatotalworker stderr | self._send_request(method, url, body, headers, encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request quotatotalworker stderr | self.endheaders(body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders quotatotalworker stderr | self._send_output(message_body, encode_chunked=encode_chunked) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output quotatotalworker stderr | self.send(msg) quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1037, in send quotatotalworker stderr | self.connect() quotatotalworker stderr | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect quotatotalworker stderr | self.sock = self._create_connection( quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection quotatotalworker stderr | raise exceptions[0] quotatotalworker stderr | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection quotatotalworker stderr | sock.connect(sa) quotatotalworker stderr | ConnectionRefusedError: [Errno 111] Connection refused quotatotalworker stderr | During handling of the above exception, another exception occurred: quotatotalworker stderr | Traceback (most recent call last): quotatotalworker stderr | File "/quay-registry/util/metrics/prometheus.py", line 140, in run quotatotalworker stderr | push_to_gateway( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway quotatotalworker stderr | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway quotatotalworker stderr | handler( quotatotalworker stderr | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle quotatotalworker stderr | resp = build_opener(HTTPHandler).open(request, timeout=timeout) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open quotatotalworker stderr | response = self._open(req, data) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open quotatotalworker stderr | result = self._call_chain(self.handle_open, protocol, protocol + quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain quotatotalworker stderr | result = func(*args) quotatotalworker stderr | ^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open quotatotalworker stderr | return self.do_open(http.client.HTTPConnection, req) quotatotalworker stderr | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ quotatotalworker stderr | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open quotatotalworker stderr | raise URLError(err) quotatotalworker stderr | urllib.error.URLError: securityworker stdout | 2025-11-04 09:10:37,252 [93] [DEBUG] [apscheduler.scheduler] Looking for jobs to run securityworker stdout | 2025-11-04 09:10:37,252 [93] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:51.254713+00:00 (in 14.001772 seconds) securityworker stdout | 2025-11-04 09:10:37,253 [93] [INFO] [apscheduler.executors.default] Running job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:11:07 GMT)" (scheduled at 2025-11-04 09:10:37.252445+00:00) securityworker stdout | 2025-11-04 09:10:37,253 [93] [DEBUG] [util.secscan.v4.api] generated jwt for security scanner request securityworker stdout | 2025-11-04 09:10:37,253 [93] [DEBUG] [util.secscan.v4.api] GETing security URL http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local/indexer/api/v1/index_state securityworker stdout | 2025-11-04 09:10:37,256 [93] [DEBUG] [urllib3.connectionpool] http://quayregistry-clair-app.quay-enterprise-15509.svc.cluster.local:80 "GET /indexer/api/v1/index_state HTTP/1.1" 200 None securityworker stdout | 2025-11-04 09:10:37,258 [93] [DEBUG] [peewee] ('SELECT Max("t1"."id") FROM "manifest" AS "t1"', []) securityworker stdout | 2025-11-04 09:10:37,269 [93] [DEBUG] [data.database] Disconnecting from database. securityworker stdout | 2025-11-04 09:10:37,269 [93] [INFO] [apscheduler.executors.default] Job "SecurityWorker._index_in_scanner (trigger: interval[0:00:30], next run at: 2025-11-04 09:11:07 GMT)" executed successfully namespacegcworker stdout | 2025-11-04 09:10:37,447 [76] [DEBUG] [apscheduler.scheduler] Looking for jobs to run namespacegcworker stdout | 2025-11-04 09:10:37,447 [76] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:59.446467+00:00 (in 21.999109 seconds) namespacegcworker stdout | 2025-11-04 09:10:37,447 [76] [INFO] [apscheduler.executors.default] Running job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:37 GMT)" (scheduled at 2025-11-04 09:10:37.446883+00:00) namespacegcworker stdout | 2025-11-04 09:10:37,447 [76] [DEBUG] [workers.queueworker] Running watchdog. namespacegcworker stdout | 2025-11-04 09:10:37,447 [76] [INFO] [apscheduler.executors.default] Job "QueueWorker.run_watchdog (trigger: interval[0:01:00], next run at: 2025-11-04 09:11:37 GMT)" executed successfully securityworker stdout | 2025-11-04 09:10:37,754 [93] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'securityworker.py', 'pid': '93'} securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open securityworker stdout | h.request(req.get_method(), req.selector, req.data, headers, securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request securityworker stdout | self._send_request(method, url, body, headers, encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request securityworker stdout | self.endheaders(body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders securityworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output securityworker stdout | self.send(msg) securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send securityworker stdout | self.connect() securityworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect securityworker stdout | self.sock = self._create_connection( securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection securityworker stdout | raise exceptions[0] securityworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection securityworker stdout | sock.connect(sa) securityworker stdout | ConnectionRefusedError: [Errno 111] Connection refused securityworker stdout | During handling of the above exception, another exception occurred: securityworker stdout | Traceback (most recent call last): securityworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run securityworker stdout | push_to_gateway( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway securityworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway securityworker stdout | handler( securityworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle securityworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open securityworker stdout | response = self._open(req, data) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open securityworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain securityworker stdout | result = func(*args) securityworker stdout | ^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open securityworker stdout | return self.do_open(http.client.HTTPConnection, req) securityworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ securityworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open securityworker stdout | raise URLError(err) securityworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:10:37,948 [78] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'notificationworker.py', 'pid': '78'} notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open notificationworker stdout | h.request(req.get_method(), req.selector, req.data, headers, notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request notificationworker stdout | self._send_request(method, url, body, headers, encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request notificationworker stdout | self.endheaders(body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders notificationworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output notificationworker stdout | self.send(msg) notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send notificationworker stdout | self.connect() notificationworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect notificationworker stdout | self.sock = self._create_connection( notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection notificationworker stdout | raise exceptions[0] notificationworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection notificationworker stdout | sock.connect(sa) notificationworker stdout | ConnectionRefusedError: [Errno 111] Connection refused notificationworker stdout | During handling of the above exception, another exception occurred: notificationworker stdout | Traceback (most recent call last): notificationworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run notificationworker stdout | push_to_gateway( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway notificationworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway notificationworker stdout | handler( notificationworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle notificationworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open notificationworker stdout | response = self._open(req, data) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open notificationworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain notificationworker stdout | result = func(*args) notificationworker stdout | ^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open notificationworker stdout | return self.do_open(http.client.HTTPConnection, req) notificationworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ notificationworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open notificationworker stdout | raise URLError(err) notificationworker stdout | urllib.error.URLError: notificationworker stdout | 2025-11-04 09:10:39,156 [78] [DEBUG] [apscheduler.scheduler] Looking for jobs to run notificationworker stdout | 2025-11-04 09:10:39,156 [78] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:10:49.156372+00:00 (in 9.999582 seconds) notificationworker stdout | 2025-11-04 09:10:39,156 [78] [INFO] [apscheduler.executors.default] Running job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:49 GMT)" (scheduled at 2025-11-04 09:10:39.156372+00:00) notificationworker stdout | 2025-11-04 09:10:39,157 [78] [DEBUG] [workers.queueworker] Getting work item from queue. notificationworker stdout | 2025-11-04 09:10:39,157 [78] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."queue_name", "t1"."body", "t1"."available_after", "t1"."available", "t1"."processing_expires", "t1"."retries_remaining", "t1"."state_id" FROM "queueitem" AS "t1" INNER JOIN (SELECT "t1"."id" FROM "queueitem" AS "t1" WHERE (((("t1"."available_after" <= %s) AND (("t1"."available" = %s) OR ("t1"."processing_expires" <= %s))) AND ("t1"."retries_remaining" > %s)) AND ("t1"."queue_name" ILIKE %s)) LIMIT %s) AS "j1" ON ("t1"."id" = "j1"."id") ORDER BY Random() LIMIT %s OFFSET %s', [datetime.datetime(2025, 11, 4, 9, 10, 39, 157181), True, datetime.datetime(2025, 11, 4, 9, 10, 39, 157181), 0, 'notification/%', 50, 1, 0]) notificationworker stdout | 2025-11-04 09:10:39,171 [78] [DEBUG] [workers.queueworker] No more work. notificationworker stdout | 2025-11-04 09:10:39,171 [78] [DEBUG] [data.database] Disconnecting from database. notificationworker stdout | 2025-11-04 09:10:39,171 [78] [INFO] [apscheduler.executors.default] Job "QueueWorker.poll_queue (trigger: interval[0:00:10], next run at: 2025-11-04 09:10:49 GMT)" executed successfully gunicorn-web stdout | 2025-11-04 09:10:39,516 [246] [DEBUG] [app] Starting request: urn:request:a211aebf-d713-4e34-9588-90b4e35417d5 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-web stdout | 2025-11-04 09:10:39,518 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-registry stdout | 2025-11-04 09:10:39,520 [263] [DEBUG] [app] Starting request: urn:request:8ce59c3c-8c0c-43af-9bfe-2bce123778d5 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:10:39,521 [263] [DEBUG] [app] Ending request: urn:request:8ce59c3c-8c0c-43af-9bfe-2bce123778d5 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:8ce59c3c-8c0c-43af-9bfe-2bce123778d5', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} gunicorn-registry stdout | 2025-11-04 09:10:39,521 [263] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:10:39,523 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:10:39,524 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.004 162 0.004) gunicorn-web stdout | 2025-11-04 09:10:39,530 [249] [DEBUG] [app] Starting request: urn:request:d540f5d0-573d-4bc4-b287-f17b4f0e37ec (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:10:39,531 [249] [DEBUG] [app] Ending request: urn:request:d540f5d0-573d-4bc4-b287-f17b4f0e37ec (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:d540f5d0-573d-4bc4-b287-f17b4f0e37ec', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:10:39,532 [249] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:10:39,533 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:10:39,534 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:10:39,534 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:10:39,534 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:10:39,556 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:10:39,556 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:10:39,573 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:10:39,577 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:10:39,581 [246] [DEBUG] [app] Ending request: urn:request:a211aebf-d713-4e34-9588-90b4e35417d5 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:a211aebf-d713-4e34-9588-90b4e35417d5', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:10:39,581 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:10:39,582 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:10:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:10:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.066 118 0.066) gunicorn-web stdout | 2025-11-04 09:10:39,588 [246] [DEBUG] [app] Starting request: urn:request:f73d9d05-1b28-48bb-bd2a-02ef191ba4d2 (/health/instance) {'X-Forwarded-For': '10.128.4.2'} gunicorn-registry stdout | 2025-11-04 09:10:39,591 [263] [DEBUG] [app] Starting request: urn:request:8706b7b2-3062-4f5b-89a7-3b955f581f19 (/v1/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-registry stdout | 2025-11-04 09:10:39,593 [263] [DEBUG] [app] Ending request: urn:request:8706b7b2-3062-4f5b-89a7-3b955f581f19 (/v1/_internal_ping) {'endpoint': 'v1.internal_ping', 'request_id': 'urn:request:8706b7b2-3062-4f5b-89a7-3b955f581f19', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/v1/_internal_ping', 'path': '/v1/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': '082f04da', 'user-agent': 'python-requests/2.32.3'} nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.004 162 0.004) gunicorn-web stdout | 2025-11-04 09:10:39,594 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /v1/_internal_ping HTTP/1.1" 200 4 gunicorn-registry stdout | 2025-11-04 09:10:39,595 [263] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:39 +0000] "GET /v1/_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" gunicorn-web stdout | 2025-11-04 09:10:39,596 [246] [DEBUG] [urllib3.connectionpool] Resetting dropped connection: localhost gunicorn-web stdout | 2025-11-04 09:10:39,598 [248] [DEBUG] [app] Starting request: urn:request:ec97fa6b-755b-4b0e-a92c-537951b1942c (/_internal_ping) {'X-Forwarded-For': '127.0.0.1'} gunicorn-web stdout | 2025-11-04 09:10:39,598 [248] [DEBUG] [app] Ending request: urn:request:ec97fa6b-755b-4b0e-a92c-537951b1942c (/_internal_ping) {'endpoint': 'web.internal_ping', 'request_id': 'urn:request:ec97fa6b-755b-4b0e-a92c-537951b1942c', 'remote_addr': '127.0.0.1', 'http_method': 'GET', 'original_url': 'http://localhost/_internal_ping', 'path': '/_internal_ping', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'python-requests/2.32.3'} gunicorn-web stdout | 2025-11-04 09:10:39,599 [248] [INFO] [gunicorn.access] 127.0.0.1 - - [04/Nov/2025:09:10:39 +0000] "GET /_internal_ping HTTP/1.0" 200 4 "-" "python-requests/2.32.3" nginx stdout | 127.0.0.1 (-) - - [04/Nov/2025:09:10:39 +0000] "GET /_internal_ping HTTP/1.1" 200 4 "-" "python-requests/2.32.3" (0.002 159 0.002) gunicorn-web stdout | 2025-11-04 09:10:39,599 [246] [DEBUG] [urllib3.connectionpool] http://localhost:8080 "GET /_internal_ping HTTP/1.1" 200 4 gunicorn-web stdout | 2025-11-04 09:10:39,600 [246] [DEBUG] [data.model.health] Validating database connection. gunicorn-web stdout | 2025-11-04 09:10:39,600 [246] [INFO] [data.database] Setting database host to quayregistry-quay-database for worker gunicorn-web gunicorn-web stdout | 2025-11-04 09:10:39,600 [246] [INFO] [data.database] Connection pooling disabled for postgresql gunicorn-web stdout | 2025-11-04 09:10:39,613 [246] [DEBUG] [data.model.health] Checking for existence of team roles, timeout 5000 ms. gunicorn-web stdout | 2025-11-04 09:10:39,613 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (5000,)) gunicorn-web stdout | 2025-11-04 09:10:39,623 [246] [DEBUG] [peewee] ('SELECT "t1"."id", "t1"."name" FROM "teamrole" AS "t1" LIMIT %s', [1]) gunicorn-web stdout | 2025-11-04 09:10:39,627 [246] [DEBUG] [peewee] ('SET statement_timeout=%s;', (0,)) gunicorn-web stdout | 2025-11-04 09:10:39,631 [246] [DEBUG] [app] Ending request: urn:request:f73d9d05-1b28-48bb-bd2a-02ef191ba4d2 (/health/instance) {'endpoint': 'web.instance_health', 'request_id': 'urn:request:f73d9d05-1b28-48bb-bd2a-02ef191ba4d2', 'remote_addr': '10.128.4.2', 'http_method': 'GET', 'original_url': 'http://10.128.4.42/health/instance', 'path': '/health/instance', 'parameters': {}, 'json_body': None, 'confsha': 'ba8173fe', 'user-agent': 'kube-probe/1.32'} gunicorn-web stdout | 2025-11-04 09:10:39,631 [246] [DEBUG] [data.database] Disconnecting from database. gunicorn-web stdout | 2025-11-04 09:10:39,631 [246] [INFO] [gunicorn.access] 10.128.4.2 - - [04/Nov/2025:09:10:39 +0000] "GET /health/instance HTTP/1.0" 200 152 "-" "kube-probe/1.32" nginx stdout | 10.128.4.2 (-) - - [04/Nov/2025:09:10:39 +0000] "GET /health/instance HTTP/1.1" 200 152 "-" "kube-probe/1.32" (0.044 118 0.044) autopruneworker stdout | 2025-11-04 09:10:41,083 [59] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'autopruneworker.py', 'pid': '59'} autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open autopruneworker stdout | h.request(req.get_method(), req.selector, req.data, headers, autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request autopruneworker stdout | self._send_request(method, url, body, headers, encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request autopruneworker stdout | self.endheaders(body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders autopruneworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output autopruneworker stdout | self.send(msg) autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send autopruneworker stdout | self.connect() autopruneworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect autopruneworker stdout | self.sock = self._create_connection( autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection autopruneworker stdout | raise exceptions[0] autopruneworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection autopruneworker stdout | sock.connect(sa) autopruneworker stdout | ConnectionRefusedError: [Errno 111] Connection refused autopruneworker stdout | During handling of the above exception, another exception occurred: autopruneworker stdout | Traceback (most recent call last): autopruneworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run autopruneworker stdout | push_to_gateway( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway autopruneworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway autopruneworker stdout | handler( autopruneworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle autopruneworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open autopruneworker stdout | response = self._open(req, data) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open autopruneworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain autopruneworker stdout | result = func(*args) autopruneworker stdout | ^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open autopruneworker stdout | return self.do_open(http.client.HTTPConnection, req) autopruneworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ autopruneworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open autopruneworker stdout | raise URLError(err) autopruneworker stdout | urllib.error.URLError: manifestsubjectbackfillworker stdout | 2025-11-04 09:10:42,273 [74] [ERROR] [util.metrics.prometheus] failed to push registry to pushgateway at http://localhost:9091 with grouping key {'host': 'quayregistry-quay-app-6f599c49b4-lkkm8', 'process_name': 'manifestsubjectbackfillworker.py', 'pid': '74'} manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1344, in do_open manifestsubjectbackfillworker stdout | h.request(req.get_method(), req.selector, req.data, headers, manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1338, in request manifestsubjectbackfillworker stdout | self._send_request(method, url, body, headers, encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1384, in _send_request manifestsubjectbackfillworker stdout | self.endheaders(body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1333, in endheaders manifestsubjectbackfillworker stdout | self._send_output(message_body, encode_chunked=encode_chunked) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1093, in _send_output manifestsubjectbackfillworker stdout | self.send(msg) manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1037, in send manifestsubjectbackfillworker stdout | self.connect() manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/http/client.py", line 1003, in connect manifestsubjectbackfillworker stdout | self.sock = self._create_connection( manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 865, in create_connection manifestsubjectbackfillworker stdout | raise exceptions[0] manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/socket.py", line 850, in create_connection manifestsubjectbackfillworker stdout | sock.connect(sa) manifestsubjectbackfillworker stdout | ConnectionRefusedError: [Errno 111] Connection refused manifestsubjectbackfillworker stdout | During handling of the above exception, another exception occurred: manifestsubjectbackfillworker stdout | Traceback (most recent call last): manifestsubjectbackfillworker stdout | File "/quay-registry/util/metrics/prometheus.py", line 140, in run manifestsubjectbackfillworker stdout | push_to_gateway( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 289, in push_to_gateway manifestsubjectbackfillworker stdout | _use_gateway('PUT', gateway, job, registry, grouping_key, timeout, handler) manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 358, in _use_gateway manifestsubjectbackfillworker stdout | handler( manifestsubjectbackfillworker stdout | File "/opt/app-root/lib64/python3.12/site-packages/prometheus_client/exposition.py", line 221, in handle manifestsubjectbackfillworker stdout | resp = build_opener(HTTPHandler).open(request, timeout=timeout) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 515, in open manifestsubjectbackfillworker stdout | response = self._open(req, data) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 532, in _open manifestsubjectbackfillworker stdout | result = self._call_chain(self.handle_open, protocol, protocol + manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 492, in _call_chain manifestsubjectbackfillworker stdout | result = func(*args) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1373, in http_open manifestsubjectbackfillworker stdout | return self.do_open(http.client.HTTPConnection, req) manifestsubjectbackfillworker stdout | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ manifestsubjectbackfillworker stdout | File "/usr/lib64/python3.12/urllib/request.py", line 1347, in do_open manifestsubjectbackfillworker stdout | raise URLError(err) manifestsubjectbackfillworker stdout | urllib.error.URLError: pullstatsredisflushworker stdout | 2025-11-04 09:10:42,952 [80] [DEBUG] [apscheduler.scheduler] Looking for jobs to run pullstatsredisflushworker stdout | 2025-11-04 09:10:42,952 [80] [DEBUG] [apscheduler.scheduler] Next wakeup is due at 2025-11-04 09:11:12.952336+00:00 (in 29.999489 seconds) pullstatsredisflushworker stdout | 2025-11-04 09:10:42,953 [80] [INFO] [apscheduler.executors.default] Running job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:11:12 GMT)" (scheduled at 2025-11-04 09:10:42.952336+00:00) pullstatsredisflushworker stdout | 2025-11-04 09:10:42,953 [80] [DEBUG] [__main__] RedisFlushWorker: Starting pull metrics flush pullstatsredisflushworker stdout | 2025-11-04 09:10:42,956 [80] [DEBUG] [__main__] RedisFlushWorker: No pull event keys found pullstatsredisflushworker stdout | 2025-11-04 09:10:42,956 [80] [INFO] [apscheduler.executors.default] Job "RedisFlushWorker._flush_pull_metrics (trigger: interval[0:00:30], next run at: 2025-11-04 09:11:12 GMT)" executed successfully